Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/gpsbabel-1.7.0+ds/alan.cc
Examining data/gpsbabel-1.7.0+ds/an1.cc
Examining data/gpsbabel-1.7.0+ds/an1sym.h
Examining data/gpsbabel-1.7.0+ds/arcdist.cc
Examining data/gpsbabel-1.7.0+ds/arcdist.h
Examining data/gpsbabel-1.7.0+ds/bcr.cc
Examining data/gpsbabel-1.7.0+ds/bend.cc
Examining data/gpsbabel-1.7.0+ds/bend.h
Examining data/gpsbabel-1.7.0+ds/brauniger_iq.cc
Examining data/gpsbabel-1.7.0+ds/bushnell.cc
Examining data/gpsbabel-1.7.0+ds/bushnell_trl.cc
Examining data/gpsbabel-1.7.0+ds/cet.cc
Examining data/gpsbabel-1.7.0+ds/cet.h
Examining data/gpsbabel-1.7.0+ds/cet_util.cc
Examining data/gpsbabel-1.7.0+ds/cet_util.h
Examining data/gpsbabel-1.7.0+ds/compegps.cc
Examining data/gpsbabel-1.7.0+ds/config.tests/stdarg/main.cpp
Examining data/gpsbabel-1.7.0+ds/config.tests/unistd/main.cpp
Examining data/gpsbabel-1.7.0+ds/coverity_model.cc
Examining data/gpsbabel-1.7.0+ds/cst.cc
Examining data/gpsbabel-1.7.0+ds/csv_util.cc
Examining data/gpsbabel-1.7.0+ds/csv_util.h
Examining data/gpsbabel-1.7.0+ds/defs.h
Examining data/gpsbabel-1.7.0+ds/delgpl.cc
Examining data/gpsbabel-1.7.0+ds/deprecated/axim_gpb.cc
Examining data/gpsbabel-1.7.0+ds/deprecated/cetus.cc
Examining data/gpsbabel-1.7.0+ds/deprecated/copilot.cc
Examining data/gpsbabel-1.7.0+ds/deprecated/coto.cc
Examining data/gpsbabel-1.7.0+ds/deprecated/delbin.cc
Examining data/gpsbabel-1.7.0+ds/deprecated/filter_skeleton.cc
Examining data/gpsbabel-1.7.0+ds/deprecated/gcdb.cc
Examining data/gpsbabel-1.7.0+ds/deprecated/geoniche.cc
Examining data/gpsbabel-1.7.0+ds/deprecated/google.cc
Examining data/gpsbabel-1.7.0+ds/deprecated/gpilots.cc
Examining data/gpsbabel-1.7.0+ds/deprecated/gpspilot.cc
Examining data/gpsbabel-1.7.0+ds/deprecated/mag_pdb.cc
Examining data/gpsbabel-1.7.0+ds/deprecated/magnav.cc
Examining data/gpsbabel-1.7.0+ds/deprecated/mapopolis.cc
Examining data/gpsbabel-1.7.0+ds/deprecated/mapsource.cc
Examining data/gpsbabel-1.7.0+ds/deprecated/msroute.cc
Examining data/gpsbabel-1.7.0+ds/deprecated/overlay.cc
Examining data/gpsbabel-1.7.0+ds/deprecated/palmdoc.cc
Examining data/gpsbabel-1.7.0+ds/deprecated/pathaway.cc
Examining data/gpsbabel-1.7.0+ds/deprecated/pdbfile.cc
Examining data/gpsbabel-1.7.0+ds/deprecated/pdbfile.h
Examining data/gpsbabel-1.7.0+ds/deprecated/psitrex.cc
Examining data/gpsbabel-1.7.0+ds/deprecated/psp.cc
Examining data/gpsbabel-1.7.0+ds/deprecated/queue.cc
Examining data/gpsbabel-1.7.0+ds/deprecated/queue.h
Examining data/gpsbabel-1.7.0+ds/deprecated/quovadis.cc
Examining data/gpsbabel-1.7.0+ds/deprecated/quovadis.h
Examining data/gpsbabel-1.7.0+ds/destinator.cc
Examining data/gpsbabel-1.7.0+ds/dg-100.cc
Examining data/gpsbabel-1.7.0+ds/dg-100.h
Examining data/gpsbabel-1.7.0+ds/discard.cc
Examining data/gpsbabel-1.7.0+ds/discard.h
Examining data/gpsbabel-1.7.0+ds/dmtlog.cc
Examining data/gpsbabel-1.7.0+ds/duplicate.cc
Examining data/gpsbabel-1.7.0+ds/duplicate.h
Examining data/gpsbabel-1.7.0+ds/easygps.cc
Examining data/gpsbabel-1.7.0+ds/exif.cc
Examining data/gpsbabel-1.7.0+ds/explorist_ini.cc
Examining data/gpsbabel-1.7.0+ds/explorist_ini.h
Examining data/gpsbabel-1.7.0+ds/f90g_track.cc
Examining data/gpsbabel-1.7.0+ds/fatal.cc
Examining data/gpsbabel-1.7.0+ds/filter.h
Examining data/gpsbabel-1.7.0+ds/filter_vecs.cc
Examining data/gpsbabel-1.7.0+ds/filter_vecs.h
Examining data/gpsbabel-1.7.0+ds/format.h
Examining data/gpsbabel-1.7.0+ds/format_skeleton.cc
Examining data/gpsbabel-1.7.0+ds/formspec.cc
Examining data/gpsbabel-1.7.0+ds/formspec.h
Examining data/gpsbabel-1.7.0+ds/g7towin.cc
Examining data/gpsbabel-1.7.0+ds/garmin.cc
Examining data/gpsbabel-1.7.0+ds/garmin_device_xml.cc
Examining data/gpsbabel-1.7.0+ds/garmin_device_xml.h
Examining data/gpsbabel-1.7.0+ds/garmin_fit.cc
Examining data/gpsbabel-1.7.0+ds/garmin_fit.h
Examining data/gpsbabel-1.7.0+ds/garmin_fs.cc
Examining data/gpsbabel-1.7.0+ds/garmin_fs.h
Examining data/gpsbabel-1.7.0+ds/garmin_gpi.cc
Examining data/gpsbabel-1.7.0+ds/garmin_gpi.h
Examining data/gpsbabel-1.7.0+ds/garmin_icon_tables.h
Examining data/gpsbabel-1.7.0+ds/garmin_tables.cc
Examining data/gpsbabel-1.7.0+ds/garmin_tables.h
Examining data/gpsbabel-1.7.0+ds/garmin_txt.cc
Examining data/gpsbabel-1.7.0+ds/garmin_xt.cc
Examining data/gpsbabel-1.7.0+ds/gbfile.cc
Examining data/gpsbabel-1.7.0+ds/gbfile.h
Examining data/gpsbabel-1.7.0+ds/gbser.cc
Examining data/gpsbabel-1.7.0+ds/gbser.h
Examining data/gpsbabel-1.7.0+ds/gbser_posix.cc
Examining data/gpsbabel-1.7.0+ds/gbser_posix.h
Examining data/gpsbabel-1.7.0+ds/gbser_private.h
Examining data/gpsbabel-1.7.0+ds/gbser_win.cc
Examining data/gpsbabel-1.7.0+ds/gbser_win.h
Examining data/gpsbabel-1.7.0+ds/gbversion.h
Examining data/gpsbabel-1.7.0+ds/gdb.cc
Examining data/gpsbabel-1.7.0+ds/geo.cc
Examining data/gpsbabel-1.7.0+ds/geojson.cc
Examining data/gpsbabel-1.7.0+ds/geojson.h
Examining data/gpsbabel-1.7.0+ds/ggv_bin.cc
Examining data/gpsbabel-1.7.0+ds/ggv_bin.h
Examining data/gpsbabel-1.7.0+ds/ggv_log.cc
Examining data/gpsbabel-1.7.0+ds/ggv_ovl.cc
Examining data/gpsbabel-1.7.0+ds/globals.cc
Examining data/gpsbabel-1.7.0+ds/globalsat_sport.h
Examining data/gpsbabel-1.7.0+ds/glogbook.cc
Examining data/gpsbabel-1.7.0+ds/gnav_trl.cc
Examining data/gpsbabel-1.7.0+ds/googledir.cc
Examining data/gpsbabel-1.7.0+ds/gopal.cc
Examining data/gpsbabel-1.7.0+ds/gpssim.cc
Examining data/gpsbabel-1.7.0+ds/gpsutil.cc
Examining data/gpsbabel-1.7.0+ds/gpx.cc
Examining data/gpsbabel-1.7.0+ds/gpx.h
Examining data/gpsbabel-1.7.0+ds/grtcirc.cc
Examining data/gpsbabel-1.7.0+ds/grtcirc.h
Examining data/gpsbabel-1.7.0+ds/gtm.cc
Examining data/gpsbabel-1.7.0+ds/gtrnctr.cc
Examining data/gpsbabel-1.7.0+ds/gui/aboutdlg.cc
Examining data/gpsbabel-1.7.0+ds/gui/aboutdlg.h
Examining data/gpsbabel-1.7.0+ds/gui/advdlg.cc
Examining data/gpsbabel-1.7.0+ds/gui/advdlg.h
Examining data/gpsbabel-1.7.0+ds/gui/appname.h
Examining data/gpsbabel-1.7.0+ds/gui/coretool/core_strings.h
Examining data/gpsbabel-1.7.0+ds/gui/coretool/coretool.cc
Examining data/gpsbabel-1.7.0+ds/gui/donate.cc
Examining data/gpsbabel-1.7.0+ds/gui/donate.h
Examining data/gpsbabel-1.7.0+ds/gui/dpencode.cc
Examining data/gpsbabel-1.7.0+ds/gui/dpencode.h
Examining data/gpsbabel-1.7.0+ds/gui/filterdata.cc
Examining data/gpsbabel-1.7.0+ds/gui/filterdata.h
Examining data/gpsbabel-1.7.0+ds/gui/filterdlg.cc
Examining data/gpsbabel-1.7.0+ds/gui/filterdlg.h
Examining data/gpsbabel-1.7.0+ds/gui/filterwidgets.cc
Examining data/gpsbabel-1.7.0+ds/gui/filterwidgets.h
Examining data/gpsbabel-1.7.0+ds/gui/format.cc
Examining data/gpsbabel-1.7.0+ds/gui/format.h
Examining data/gpsbabel-1.7.0+ds/gui/formatload.cc
Examining data/gpsbabel-1.7.0+ds/gui/formatload.h
Examining data/gpsbabel-1.7.0+ds/gui/gmapdlg.cc
Examining data/gpsbabel-1.7.0+ds/gui/gmapdlg.h
Examining data/gpsbabel-1.7.0+ds/gui/gpx.cc
Examining data/gpsbabel-1.7.0+ds/gui/gpx.h
Examining data/gpsbabel-1.7.0+ds/gui/help.cc
Examining data/gpsbabel-1.7.0+ds/gui/help.h
Examining data/gpsbabel-1.7.0+ds/gui/latlng.cc
Examining data/gpsbabel-1.7.0+ds/gui/latlng.h
Examining data/gpsbabel-1.7.0+ds/gui/main.cc
Examining data/gpsbabel-1.7.0+ds/gui/mainwindow.h
Examining data/gpsbabel-1.7.0+ds/gui/map.h
Examining data/gpsbabel-1.7.0+ds/gui/optionsdlg.cc
Examining data/gpsbabel-1.7.0+ds/gui/optionsdlg.h
Examining data/gpsbabel-1.7.0+ds/gui/preferences.h
Examining data/gpsbabel-1.7.0+ds/gui/processwait.cc
Examining data/gpsbabel-1.7.0+ds/gui/processwait.h
Examining data/gpsbabel-1.7.0+ds/gui/serial_unix.cc
Examining data/gpsbabel-1.7.0+ds/gui/serial_win.cc
Examining data/gpsbabel-1.7.0+ds/gui/setting.h
Examining data/gpsbabel-1.7.0+ds/gui/upgrade.cc
Examining data/gpsbabel-1.7.0+ds/gui/upgrade.h
Examining data/gpsbabel-1.7.0+ds/gui/version_mismatch.cc
Examining data/gpsbabel-1.7.0+ds/gui/version_mismatch.h
Examining data/gpsbabel-1.7.0+ds/gui/preferences.cc
Examining data/gpsbabel-1.7.0+ds/gui/babeldata.h
Examining data/gpsbabel-1.7.0+ds/gui/mainwindow.cc
Examining data/gpsbabel-1.7.0+ds/gui/map.cc
Examining data/gpsbabel-1.7.0+ds/height.cc
Examining data/gpsbabel-1.7.0+ds/height.h
Examining data/gpsbabel-1.7.0+ds/heightgrid.h
Examining data/gpsbabel-1.7.0+ds/hiketech.cc
Examining data/gpsbabel-1.7.0+ds/holux.cc
Examining data/gpsbabel-1.7.0+ds/holux.h
Examining data/gpsbabel-1.7.0+ds/html.cc
Examining data/gpsbabel-1.7.0+ds/humminbird.cc
Examining data/gpsbabel-1.7.0+ds/igc.cc
Examining data/gpsbabel-1.7.0+ds/ignrando.cc
Examining data/gpsbabel-1.7.0+ds/igo8.cc
Examining data/gpsbabel-1.7.0+ds/ik3d.cc
Examining data/gpsbabel-1.7.0+ds/inifile.cc
Examining data/gpsbabel-1.7.0+ds/inifile.h
Examining data/gpsbabel-1.7.0+ds/internal_styles.cc
Examining data/gpsbabel-1.7.0+ds/interpolate.cc
Examining data/gpsbabel-1.7.0+ds/interpolate.h
Examining data/gpsbabel-1.7.0+ds/itracku.cc
Examining data/gpsbabel-1.7.0+ds/jeeps/garminusb.h
Examining data/gpsbabel-1.7.0+ds/jeeps/gps.h
Examining data/gpsbabel-1.7.0+ds/jeeps/gpsapp.cc
Examining data/gpsbabel-1.7.0+ds/jeeps/gpsapp.h
Examining data/gpsbabel-1.7.0+ds/jeeps/gpscom.cc
Examining data/gpsbabel-1.7.0+ds/jeeps/gpscom.h
Examining data/gpsbabel-1.7.0+ds/jeeps/gpsdatum.h
Examining data/gpsbabel-1.7.0+ds/jeeps/gpsdevice.cc
Examining data/gpsbabel-1.7.0+ds/jeeps/gpsdevice.h
Examining data/gpsbabel-1.7.0+ds/jeeps/gpsdevice_ser.cc
Examining data/gpsbabel-1.7.0+ds/jeeps/gpsdevice_usb.cc
Examining data/gpsbabel-1.7.0+ds/jeeps/gpsfmt.cc
Examining data/gpsbabel-1.7.0+ds/jeeps/gpsfmt.h
Examining data/gpsbabel-1.7.0+ds/jeeps/gpslibusb.cc
Examining data/gpsbabel-1.7.0+ds/jeeps/gpsmath.cc
Examining data/gpsbabel-1.7.0+ds/jeeps/gpsmath.h
Examining data/gpsbabel-1.7.0+ds/jeeps/gpsmem.cc
Examining data/gpsbabel-1.7.0+ds/jeeps/gpsmem.h
Examining data/gpsbabel-1.7.0+ds/jeeps/gpsport.h
Examining data/gpsbabel-1.7.0+ds/jeeps/gpsproj.cc
Examining data/gpsbabel-1.7.0+ds/jeeps/gpsproj.h
Examining data/gpsbabel-1.7.0+ds/jeeps/gpsprot.cc
Examining data/gpsbabel-1.7.0+ds/jeeps/gpsprot.h
Examining data/gpsbabel-1.7.0+ds/jeeps/gpsread.cc
Examining data/gpsbabel-1.7.0+ds/jeeps/gpsread.h
Examining data/gpsbabel-1.7.0+ds/jeeps/gpsrqst.cc
Examining data/gpsbabel-1.7.0+ds/jeeps/gpsrqst.h
Examining data/gpsbabel-1.7.0+ds/jeeps/gpssend.cc
Examining data/gpsbabel-1.7.0+ds/jeeps/gpssend.h
Examining data/gpsbabel-1.7.0+ds/jeeps/gpsserial.cc
Examining data/gpsbabel-1.7.0+ds/jeeps/gpsserial.h
Examining data/gpsbabel-1.7.0+ds/jeeps/gpsusbcommon.cc
Examining data/gpsbabel-1.7.0+ds/jeeps/gpsusbcommon.h
Examining data/gpsbabel-1.7.0+ds/jeeps/gpsusbint.h
Examining data/gpsbabel-1.7.0+ds/jeeps/gpsusbread.cc
Examining data/gpsbabel-1.7.0+ds/jeeps/gpsusbsend.cc
Examining data/gpsbabel-1.7.0+ds/jeeps/gpsusbstub.cc
Examining data/gpsbabel-1.7.0+ds/jeeps/gpsusbwin.cc
Examining data/gpsbabel-1.7.0+ds/jeeps/gpsutil.h
Examining data/gpsbabel-1.7.0+ds/jeeps/jgpsutil.cc
Examining data/gpsbabel-1.7.0+ds/jogmap.cc
Examining data/gpsbabel-1.7.0+ds/jtr.cc
Examining data/gpsbabel-1.7.0+ds/kml.cc
Examining data/gpsbabel-1.7.0+ds/kml.h
Examining data/gpsbabel-1.7.0+ds/legacyformat.h
Examining data/gpsbabel-1.7.0+ds/lmx.cc
Examining data/gpsbabel-1.7.0+ds/lowranceusr.cc
Examining data/gpsbabel-1.7.0+ds/lowranceusr.h
Examining data/gpsbabel-1.7.0+ds/magellan.h
Examining data/gpsbabel-1.7.0+ds/maggeo.cc
Examining data/gpsbabel-1.7.0+ds/magproto.cc
Examining data/gpsbabel-1.7.0+ds/main.cc
Examining data/gpsbabel-1.7.0+ds/mapasia.cc
Examining data/gpsbabel-1.7.0+ds/mapbar_track.cc
Examining data/gpsbabel-1.7.0+ds/mapfactor.cc
Examining data/gpsbabel-1.7.0+ds/mapsend.cc
Examining data/gpsbabel-1.7.0+ds/mapsend.h
Examining data/gpsbabel-1.7.0+ds/mkicondoc.cc
Examining data/gpsbabel-1.7.0+ds/mkshort.cc
Examining data/gpsbabel-1.7.0+ds/mmo.cc
Examining data/gpsbabel-1.7.0+ds/mtk_locus.cc
Examining data/gpsbabel-1.7.0+ds/mtk_logger.cc
Examining data/gpsbabel-1.7.0+ds/mynav.cc
Examining data/gpsbabel-1.7.0+ds/mynav.h
Examining data/gpsbabel-1.7.0+ds/navicache.cc
Examining data/gpsbabel-1.7.0+ds/naviguide.cc
Examining data/gpsbabel-1.7.0+ds/navilink.cc
Examining data/gpsbabel-1.7.0+ds/navilink.h
Examining data/gpsbabel-1.7.0+ds/navitel.cc
Examining data/gpsbabel-1.7.0+ds/netstumbler.cc
Examining data/gpsbabel-1.7.0+ds/nmea.cc
Examining data/gpsbabel-1.7.0+ds/nmea.h
Examining data/gpsbabel-1.7.0+ds/nmn4.cc
Examining data/gpsbabel-1.7.0+ds/nukedata.cc
Examining data/gpsbabel-1.7.0+ds/nukedata.h
Examining data/gpsbabel-1.7.0+ds/osm.cc
Examining data/gpsbabel-1.7.0+ds/osm.h
Examining data/gpsbabel-1.7.0+ds/ozi.cc
Examining data/gpsbabel-1.7.0+ds/parse.cc
Examining data/gpsbabel-1.7.0+ds/pcx.cc
Examining data/gpsbabel-1.7.0+ds/pocketfms_bc.cc
Examining data/gpsbabel-1.7.0+ds/pocketfms_fp.cc
Examining data/gpsbabel-1.7.0+ds/pocketfms_wp.cc
Examining data/gpsbabel-1.7.0+ds/polygon.cc
Examining data/gpsbabel-1.7.0+ds/polygon.h
Examining data/gpsbabel-1.7.0+ds/position.cc
Examining data/gpsbabel-1.7.0+ds/position.h
Examining data/gpsbabel-1.7.0+ds/qstarz_bl_1000.cc
Examining data/gpsbabel-1.7.0+ds/qstarz_bl_1000.h
Examining data/gpsbabel-1.7.0+ds/radius.cc
Examining data/gpsbabel-1.7.0+ds/radius.h
Examining data/gpsbabel-1.7.0+ds/random.cc
Examining data/gpsbabel-1.7.0+ds/random.h
Examining data/gpsbabel-1.7.0+ds/raymarine.cc
Examining data/gpsbabel-1.7.0+ds/reverse_route.cc
Examining data/gpsbabel-1.7.0+ds/reverse_route.h
Examining data/gpsbabel-1.7.0+ds/rgbcolors.cc
Examining data/gpsbabel-1.7.0+ds/route.cc
Examining data/gpsbabel-1.7.0+ds/saroute.cc
Examining data/gpsbabel-1.7.0+ds/sbn.cc
Examining data/gpsbabel-1.7.0+ds/sbp.cc
Examining data/gpsbabel-1.7.0+ds/session.cc
Examining data/gpsbabel-1.7.0+ds/session.h
Examining data/gpsbabel-1.7.0+ds/shortname.cc
Examining data/gpsbabel-1.7.0+ds/skyforce.cc
Examining data/gpsbabel-1.7.0+ds/skytraq.cc
Examining data/gpsbabel-1.7.0+ds/smplrout.cc
Examining data/gpsbabel-1.7.0+ds/smplrout.h
Examining data/gpsbabel-1.7.0+ds/sort.cc
Examining data/gpsbabel-1.7.0+ds/sort.h
Examining data/gpsbabel-1.7.0+ds/src/core/datetime.h
Examining data/gpsbabel-1.7.0+ds/src/core/file.h
Examining data/gpsbabel-1.7.0+ds/src/core/logging.h
Examining data/gpsbabel-1.7.0+ds/src/core/optional.h
Examining data/gpsbabel-1.7.0+ds/src/core/optionaldouble.h
Examining data/gpsbabel-1.7.0+ds/src/core/textstream.cc
Examining data/gpsbabel-1.7.0+ds/src/core/textstream.h
Examining data/gpsbabel-1.7.0+ds/src/core/usasciicodec.cc
Examining data/gpsbabel-1.7.0+ds/src/core/usasciicodec.h
Examining data/gpsbabel-1.7.0+ds/src/core/xmlstreamwriter.cc
Examining data/gpsbabel-1.7.0+ds/src/core/xmlstreamwriter.h
Examining data/gpsbabel-1.7.0+ds/src/core/xmltag.h
Examining data/gpsbabel-1.7.0+ds/src/core/ziparchive.cc
Examining data/gpsbabel-1.7.0+ds/src/core/ziparchive.h
Examining data/gpsbabel-1.7.0+ds/stackfilter.cc
Examining data/gpsbabel-1.7.0+ds/stackfilter.h
Examining data/gpsbabel-1.7.0+ds/stmsdf.cc
Examining data/gpsbabel-1.7.0+ds/stmwpp.cc
Examining data/gpsbabel-1.7.0+ds/strptime.c
Examining data/gpsbabel-1.7.0+ds/strptime.h
Examining data/gpsbabel-1.7.0+ds/subrip.cc
Examining data/gpsbabel-1.7.0+ds/subrip.h
Examining data/gpsbabel-1.7.0+ds/swapdata.cc
Examining data/gpsbabel-1.7.0+ds/swapdata.h
Examining data/gpsbabel-1.7.0+ds/tef_xml.cc
Examining data/gpsbabel-1.7.0+ds/teletype.cc
Examining data/gpsbabel-1.7.0+ds/text.cc
Examining data/gpsbabel-1.7.0+ds/tiger.cc
Examining data/gpsbabel-1.7.0+ds/tmpro.cc
Examining data/gpsbabel-1.7.0+ds/tomtom.cc
Examining data/gpsbabel-1.7.0+ds/tpg.cc
Examining data/gpsbabel-1.7.0+ds/tpo.cc
Examining data/gpsbabel-1.7.0+ds/trackfilter.cc
Examining data/gpsbabel-1.7.0+ds/trackfilter.h
Examining data/gpsbabel-1.7.0+ds/transform.cc
Examining data/gpsbabel-1.7.0+ds/transform.h
Examining data/gpsbabel-1.7.0+ds/unicsv.cc
Examining data/gpsbabel-1.7.0+ds/unicsv.h
Examining data/gpsbabel-1.7.0+ds/units.cc
Examining data/gpsbabel-1.7.0+ds/units.h
Examining data/gpsbabel-1.7.0+ds/util.cc
Examining data/gpsbabel-1.7.0+ds/util_crc.cc
Examining data/gpsbabel-1.7.0+ds/v900.cc
Examining data/gpsbabel-1.7.0+ds/validate.cc
Examining data/gpsbabel-1.7.0+ds/validate.h
Examining data/gpsbabel-1.7.0+ds/vcf.cc
Examining data/gpsbabel-1.7.0+ds/vecs.cc
Examining data/gpsbabel-1.7.0+ds/vecs.h
Examining data/gpsbabel-1.7.0+ds/vidaone.cc
Examining data/gpsbabel-1.7.0+ds/vitosmt.cc
Examining data/gpsbabel-1.7.0+ds/vitovtt.cc
Examining data/gpsbabel-1.7.0+ds/vpl.cc
Examining data/gpsbabel-1.7.0+ds/waypt.cc
Examining data/gpsbabel-1.7.0+ds/wbt-200.cc
Examining data/gpsbabel-1.7.0+ds/wfff_xml.cc
Examining data/gpsbabel-1.7.0+ds/wintec_tes.cc
Examining data/gpsbabel-1.7.0+ds/xcsv.cc
Examining data/gpsbabel-1.7.0+ds/xcsv.h
Examining data/gpsbabel-1.7.0+ds/xmlgeneric.cc
Examining data/gpsbabel-1.7.0+ds/xmlgeneric.h
Examining data/gpsbabel-1.7.0+ds/xmltag.cc
Examining data/gpsbabel-1.7.0+ds/xol.cc
Examining data/gpsbabel-1.7.0+ds/yahoo.cc
Examining data/gpsbabel-1.7.0+ds/yahoo.h
Examining data/gpsbabel-1.7.0+ds/shape.cc
Examining data/gpsbabel-1.7.0+ds/shape.h
Examining data/gpsbabel-1.7.0+ds/energympro.cc
Examining data/gpsbabel-1.7.0+ds/energympro.h
Examining data/gpsbabel-1.7.0+ds/globalsat_sport.cc
Examining data/gpsbabel-1.7.0+ds/enigma.cc

FINAL RESULTS:

data/gpsbabel-1.7.0+ds/mtk_locus.cc:272:5:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
    strncat(line, s, sizeof(line)-1);
data/gpsbabel-1.7.0+ds/mtk_locus.cc:543:3:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
  strncat(waiting_for, wait_for, sizeof(waiting_for)-1);
data/gpsbabel-1.7.0+ds/alan.cc:438:5:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    snprintf(dest, len, fmt, n);
data/gpsbabel-1.7.0+ds/an1.cc:702:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(extra, "\r\nBy %s\r\n%s (%1.1f/%1.1f)",
data/gpsbabel-1.7.0+ds/an1.cc:714:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(extra, "{URL=%s}", CSTR(l.url_));
data/gpsbabel-1.7.0+ds/arcdist.cc:213:5:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    printf(MYNAME "-arc: %u waypoint(s) removed.\n", removed);
data/gpsbabel-1.7.0+ds/bcr.cc:187:5:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    printf(MYNAME ": We calculate with radius %f meters.\n", radius);
data/gpsbabel-1.7.0+ds/brauniger_iq.cc:111:7:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
      printf(MYNAME ": Flight Number: %d\n", data[0]);
data/gpsbabel-1.7.0+ds/brauniger_iq.cc:118:7:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
      printf(MYNAME ": Data Length: %d\n", remaining);
data/gpsbabel-1.7.0+ds/brauniger_iq.cc:124:7:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
      printf(MYNAME ": Serial Number: %d\n", (data[0] << 8) + data[1]);
data/gpsbabel-1.7.0+ds/brauniger_iq.cc:130:7:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
      printf(MYNAME ": Pilot Name: %.25s\n", data);
data/gpsbabel-1.7.0+ds/brauniger_iq.cc:146:7:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
      printf(MYNAME ": Max Altitude 1: %dm\n", (data[0] << 8) + data[1]);
data/gpsbabel-1.7.0+ds/brauniger_iq.cc:152:7:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
      printf(MYNAME ": Max Altitude 2: %dm\n", (data[0] << 8) + data[1]);
data/gpsbabel-1.7.0+ds/brauniger_iq.cc:159:7:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
      printf(MYNAME ": Max climb: %d.%dm/s\n", i / 10, i % 10);
data/gpsbabel-1.7.0+ds/brauniger_iq.cc:166:7:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
      printf(MYNAME ": Flight Time: %d:%d\n", i / 100, i % 100);
data/gpsbabel-1.7.0+ds/brauniger_iq.cc:173:7:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
      printf(MYNAME ": Logging Interval: %ds\n", interval);
data/gpsbabel-1.7.0+ds/brauniger_iq.cc:184:7:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
      printf(MYNAME ": Start Time: %s", ctime(&start));
data/gpsbabel-1.7.0+ds/brauniger_iq.cc:194:7:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
      printf(MYNAME ": End Time: %s", ctime(&finish));
data/gpsbabel-1.7.0+ds/brauniger_iq.cc:214:7:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
      printf(MYNAME ": remaining=%d, Altitude=%fm, ", remaining, wpt->altitude);
data/gpsbabel-1.7.0+ds/compegps.cc:173:7:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
      printf(MYNAME "_read_wpt: col(%d)=%s\n", col, c);
data/gpsbabel-1.7.0+ds/compegps.cc:238:7:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
      printf(MYNAME "_read_wpt_info: col(%d)=%s\n", col, c);
data/gpsbabel-1.7.0+ds/compegps.cc:288:7:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
      printf(MYNAME "_read_trkpt: col(%d)=%s\n", col, c);
data/gpsbabel-1.7.0+ds/compegps.cc:325:7:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
      printf(MYNAME "_read_track_info: col(%d)=%s\n", col, c);
data/gpsbabel-1.7.0+ds/compegps.cc:353:7:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
      printf(MYNAME "_read_rte_info: col(%d)=%s\n", col, c);
data/gpsbabel-1.7.0+ds/cst.cc:259:18:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
        if (5 != sscanf(cin, "%lf %lf %lf %d %s",
data/gpsbabel-1.7.0+ds/csv_util.cc:701:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(subformat, formatptr);
data/gpsbabel-1.7.0+ds/defs.h:130:11:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#  define snprintf _snprintf
data/gpsbabel-1.7.0+ds/defs.h:130:20:  [4] (format) _snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#  define snprintf _snprintf
data/gpsbabel-1.7.0+ds/defs.h:131:11:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#  define vsnprintf _vsnprintf
data/gpsbabel-1.7.0+ds/deprecated/cetus.cc:277:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat(descr, temp_descr);	/* here is no need to check target size */
data/gpsbabel-1.7.0+ds/deprecated/cetus.cc:297:5:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    printf(MYNAME ": Loaded %d track point(s) from source.\n", points);
data/gpsbabel-1.7.0+ds/deprecated/cetus.cc:299:7:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
      printf(MYNAME ": ! %d dropped because of missing data (no time, no coordinates) !\n", dropped);
data/gpsbabel-1.7.0+ds/deprecated/cetus.cc:551:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
      strcat(vdata, wpt->icon_descr.toUtf8().data());
data/gpsbabel-1.7.0+ds/deprecated/coto.cc:364:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      sprintf(notes, "%s\nNotes:\n%s", wpt->description, wpt->notes);
data/gpsbabel-1.7.0+ds/deprecated/coto.cc:383:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(rec->notes, notes);
data/gpsbabel-1.7.0+ds/deprecated/delbin.cc:472:3:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  vfprintf(stderr, fmt, ap);
data/gpsbabel-1.7.0+ds/deprecated/delbin.cc:1583:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy((char*)m.data + 1, CSTRc(track->rte_name));
data/gpsbabel-1.7.0+ds/deprecated/delbin.cc:1961:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy((char*)m.data + 1, CSTRc(route->rte_name));
data/gpsbabel-1.7.0+ds/deprecated/delbin.cc:2896:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      sprintf(raw_name, "/dev/%s", d->d_name);
data/gpsbabel-1.7.0+ds/deprecated/delbin.cc:2904:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      sprintf(dev_name, "/dev/usb/hiddev%s", raw_name + sizeof("/dev/hidraw") - 1);
data/gpsbabel-1.7.0+ds/deprecated/delbin.cc:2907:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(dev_name, "/dev/hiddev%s", raw_name + sizeof("/dev/hidraw") - 1);
data/gpsbabel-1.7.0+ds/deprecated/gcdb.cc:200:1:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
strcpy(tbufp, (const char*)data);
data/gpsbabel-1.7.0+ds/deprecated/geoniche.cc:511:5:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    printf(MYNAME "-date: %04d/%02d/%02d, %02d:%02d (%04d/%02d/%02d, %02d:%02d)\n",
data/gpsbabel-1.7.0+ds/deprecated/google.cc:226:38:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
      wpt_tmp->shortname = QString().sprintf( "\\%5.5x", serial++);
data/gpsbabel-1.7.0+ds/deprecated/gpilots.cc:293:15:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
              sprintf(track_head->rte_name, "%s #%s", trk_name, trk_seg_num_buf);
data/gpsbabel-1.7.0+ds/deprecated/gpilots.cc:337:15:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
              sprintf(track_head->rte_name, "%s #%s", trk_name, trk_seg_num_buf);
data/gpsbabel-1.7.0+ds/deprecated/mag_pdb.cc:130:22:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
            if (4 != sscanf(comma, "%d %s (%d,%d)", &i, buff, &xlon, &xlat)) {
data/gpsbabel-1.7.0+ds/deprecated/msroute.cc:321:5:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    printf(MYNAME ": ole_test_properties for \"%s\" (%d bytes):", name, p->data_sz);
data/gpsbabel-1.7.0+ds/deprecated/msroute.cc:341:11:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
          printf(MYNAME ": special block at %d\n", prev);
data/gpsbabel-1.7.0+ds/deprecated/msroute.cc:345:11:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
          printf(MYNAME "-new sector: %d\n", sector);
data/gpsbabel-1.7.0+ds/deprecated/msroute.cc:395:3:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  printf(MYNAME "-head: (version.revision) = %d.%d\n", head.ver, head.rev);
data/gpsbabel-1.7.0+ds/deprecated/msroute.cc:396:3:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  printf(MYNAME "-head: byte-order = %d\n", head.byte_order);
data/gpsbabel-1.7.0+ds/deprecated/msroute.cc:397:3:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  printf(MYNAME "-head: big fat start sector =  %d (0x%x)\n", head.fat1[0], (head.fat1[0] + 1) * 512);
data/gpsbabel-1.7.0+ds/deprecated/msroute.cc:398:3:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  printf(MYNAME "-head: big fat blocks = %d\n", head.fat1_blocks);
data/gpsbabel-1.7.0+ds/deprecated/msroute.cc:399:3:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  printf(MYNAME "-head: big fat block size = %d\n", (1 << head.fat1_size_shift));
data/gpsbabel-1.7.0+ds/deprecated/msroute.cc:400:3:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  printf(MYNAME "-head: small fat start sector = %d\n", head.fat2_start);
data/gpsbabel-1.7.0+ds/deprecated/msroute.cc:401:3:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  printf(MYNAME "-head: small fat blocks = %d\n", head.fat2_blocks);
data/gpsbabel-1.7.0+ds/deprecated/msroute.cc:402:3:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  printf(MYNAME "-head: small fat block size = %d\n", (1 << head.fat2_size_shift));
data/gpsbabel-1.7.0+ds/deprecated/msroute.cc:403:3:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  printf(MYNAME "-head: big fat minimum length = %d\n", head.fat1_min_size);
data/gpsbabel-1.7.0+ds/deprecated/msroute.cc:404:3:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  printf(MYNAME "-head: property catalog start sector = %d\n", head.prop_start);
data/gpsbabel-1.7.0+ds/deprecated/msroute.cc:405:3:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  printf(MYNAME "-head: additional big fat blocks = %d\n", head.fat1_extra_ct);
data/gpsbabel-1.7.0+ds/deprecated/msroute.cc:406:3:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  printf(MYNAME "-head: additional big fat start sector = %d (0x%x)\n", head.fat1_extra_start, (head.fat1_extra_start + 1) * 512);
data/gpsbabel-1.7.0+ds/deprecated/msroute.cc:420:3:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  printf(MYNAME "-big fat: %d maximum sectors, size in memory %d, max. datasize %d bytes\n",
data/gpsbabel-1.7.0+ds/deprecated/overlay.cc:211:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(groups[i].name,akttxt);
data/gpsbabel-1.7.0+ds/deprecated/overlay.cc:234:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(name,groups[i].name);
data/gpsbabel-1.7.0+ds/deprecated/palmdoc.cc:343:12:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
  newlen = vsprintf(txt, format, list);
data/gpsbabel-1.7.0+ds/deprecated/palmdoc.cc:359:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy((char *) buf.data+buf.len, txt2);
data/gpsbabel-1.7.0+ds/deprecated/palmdoc.cc:419:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(bookmarktext, "%6s:%9s",
data/gpsbabel-1.7.0+ds/deprecated/palmdoc.cc:424:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(bookmarktext, "%16s", s);
data/gpsbabel-1.7.0+ds/deprecated/pathaway.cc:121:3:  [4] (format) vprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  vprintf(format, args);
data/gpsbabel-1.7.0+ds/deprecated/pathaway.cc:162:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
  strcat(res, tmp);
data/gpsbabel-1.7.0+ds/deprecated/pathaway.cc:229:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(res, src);
data/gpsbabel-1.7.0+ds/deprecated/pathaway.cc:418:7:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
      printf(MYNAME ": Date from first record is %s.\n", cx);
data/gpsbabel-1.7.0+ds/deprecated/pathaway.cc:419:7:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
      printf(MYNAME ": Please use option 'date' to specify how this is formatted.\n");
data/gpsbabel-1.7.0+ds/deprecated/pdbfile.cc:43:3:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
  vsnprintf(buff, sizeof(buff), fmt, args);
data/gpsbabel-1.7.0+ds/deprecated/psitrex.cc:398:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(rtename, psit_current_token);
data/gpsbabel-1.7.0+ds/deprecated/psitrex.cc:514:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(trkname, psit_current_token);
data/gpsbabel-1.7.0+ds/dg-100.cc:140:5:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    vfprintf(stderr, fmt, ap);
data/gpsbabel-1.7.0+ds/energympro.cc:162:5:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    printf(MYNAME " rd_deinit()\n");
data/gpsbabel-1.7.0+ds/energympro.cc:170:5:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    printf(MYNAME "  filesize=%u\n", size);
data/gpsbabel-1.7.0+ds/energympro.cc:193:5:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    printf(MYNAME " rd_deinit()\n");
data/gpsbabel-1.7.0+ds/energympro.cc:202:5:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    printf(MYNAME "  waypoint_read()\n");
data/gpsbabel-1.7.0+ds/energympro.cc:261:5:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    printf(MYNAME " data_read()\n");
data/gpsbabel-1.7.0+ds/exif.cc:382:7:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
      printf(MYNAME ": api = %02X, len = %u (0x%04x), offs = 0x%08X\n", app->marker & 0xFF, app->len, app->len, gbftell(fin_));
data/gpsbabel-1.7.0+ds/exif.cc:387:9:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
        printf(MYNAME ": compressed data size = %u\n", gbftell(app->fcache));
data/gpsbabel-1.7.0+ds/exif.cc:463:5:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    printf(MYNAME "-offs 0x%08X: Number of items in IFD%d \"%s\" = %d (0x%04x)\n",
data/gpsbabel-1.7.0+ds/exif.cc:582:7:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
      printf(MYNAME "-offs 0x%08X: ifd=%d id=0x%04X t=0x%04X c=%4u s=%4u",
data/gpsbabel-1.7.0+ds/exif.cc:633:5:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    printf(MYNAME "-offs 0x%08X: Next IFD=0x%08X\n", next_ifd_offs,  ifd->next_ifd);
data/gpsbabel-1.7.0+ds/exif.cc:648:5:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    printf(MYNAME ": read_app...\n");
data/gpsbabel-1.7.0+ds/exif.cc:690:5:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    printf(MYNAME ": endianess = 0x%04X\n", endianess);
data/gpsbabel-1.7.0+ds/exif.cc:882:5:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    printf(MYNAME "-GPSLatitude =  %12.7f\n", wpt->latitude);
data/gpsbabel-1.7.0+ds/exif.cc:883:5:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    printf(MYNAME "-GPSLongitude = %12.7f\n", wpt->longitude);
data/gpsbabel-1.7.0+ds/exif.cc:914:7:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
      printf(MYNAME "-GPSAltitude =  %12.7f m\n", wpt->altitude);
data/gpsbabel-1.7.0+ds/exif.cc:936:9:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
        printf(MYNAME "-GPSSpeed = %12.2f m/s\n", wpt->speed);
data/gpsbabel-1.7.0+ds/exif.cc:956:7:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
      printf(MYNAME "-GPSTimeStamp =   %s\n", qPrintable(gps_datetime.toString(Qt::ISODate)));
data/gpsbabel-1.7.0+ds/fatal.cc:46:3:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  vfprintf(stderr, fmt, ap);
data/gpsbabel-1.7.0+ds/fatal.cc:56:3:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  vfprintf(stderr, fmt, ap);
data/gpsbabel-1.7.0+ds/fatal.cc:68:3:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  vfprintf(stderr, fmt, ap);
data/gpsbabel-1.7.0+ds/garmin_txt.cc:1022:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(fields, headers[ht]);
data/gpsbabel-1.7.0+ds/garmin_xt.cc:144:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(p_trk_name, trk_name);
data/gpsbabel-1.7.0+ds/gbfile.cc:81:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(openmode, mode);
data/gpsbabel-1.7.0+ds/gbfile.cc:733:11:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    len = vsnprintf(file->buff, file->buffsz, format, args);
data/gpsbabel-1.7.0+ds/gbser.cc:35:5:  [4] (format) vprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    vprintf(msg, ap);
data/gpsbabel-1.7.0+ds/gbser_win.cc:158:5:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    snprintf(obuf, len, DEV_PREFIX "%s", comname);
data/gpsbabel-1.7.0+ds/gdb.cc:434:5:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    printf(MYNAME ": Reading Garmin GPS Database version %d.0\n", gdb_ver);
data/gpsbabel-1.7.0+ds/gdb.cc:499:7:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
      printf(MYNAME "-wpt \"%s\" (%d): Altitude = %.1f\n",
data/gpsbabel-1.7.0+ds/gdb.cc:506:3:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  printf(MYNAME "-wpt \"%s\": coordinates = %c%0.6f %c%0.6f\n",
data/gpsbabel-1.7.0+ds/gdb.cc:514:3:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  printf(MYNAME "-wpt \"%s\" (%d): notes = %s\n",
data/gpsbabel-1.7.0+ds/gdb.cc:522:5:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    printf(MYNAME "-wpt \"%s\" (%d): Proximity = %.1f\n",
data/gpsbabel-1.7.0+ds/gdb.cc:529:3:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  printf(MYNAME "-wpt \"%s\" (%d): display = %d\n",
data/gpsbabel-1.7.0+ds/gdb.cc:558:5:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    printf(MYNAME "-wpt \"%s\" (%d): Depth = %.1f\n",
data/gpsbabel-1.7.0+ds/gdb.cc:578:5:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    printf(MYNAME "-wpt \"%s\" (%d): Unknown string = %s\n",
data/gpsbabel-1.7.0+ds/gdb.cc:607:7:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
      printf(MYNAME "-wpt \"%s\" (%d): duration = %u\n",
data/gpsbabel-1.7.0+ds/gdb.cc:618:9:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
        printf(MYNAME "-wpt \"%s\" (%d): url(%d) = %s\n",
data/gpsbabel-1.7.0+ds/gdb.cc:627:3:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  printf(MYNAME "-wpt \"%s\" (%d): description = %s\n",
data/gpsbabel-1.7.0+ds/gdb.cc:630:3:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  printf(MYNAME "-wpt \"%s\" (%d): url = %s\n",
data/gpsbabel-1.7.0+ds/gdb.cc:639:3:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  printf(MYNAME "-wpt \"%s\" (%d): category = %d\n",
data/gpsbabel-1.7.0+ds/gdb.cc:647:5:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    printf(MYNAME "-wpt \"%s\" (%d): temperature = %.1f\n",
data/gpsbabel-1.7.0+ds/gdb.cc:676:3:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  printf(MYNAME "-wpt \"%s\" (%d): icon = \"%s\" (MapSource symbol %d)\n",
data/gpsbabel-1.7.0+ds/gdb.cc:729:3:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  printf(MYNAME "-rte \"%s\": loading route with %d point(s)...\n",
data/gpsbabel-1.7.0+ds/gdb.cc:772:5:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    printf(MYNAME "-rte_pt \"%s\" (%d): %d interlink step(s)\n",
data/gpsbabel-1.7.0+ds/gdb.cc:804:9:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
        printf(MYNAME "-rte_il \"%s\" (%d of %d): %c%0.6f %c%0.6f\n",
data/gpsbabel-1.7.0+ds/gdb.cc:853:5:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    printf(MYNAME "-rte_pt \"%s\": coordinates = %c%0.6f, %c%0.6f\n",
data/gpsbabel-1.7.0+ds/gdb.cc:901:7:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
      printf(MYNAME "-rte_pt: autoroute info: route style %d, calculation type %d, vehicle type %d, road selection %d\n"
data/gpsbabel-1.7.0+ds/gdb.cc:982:3:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  printf(MYNAME "-trk \"%s\": url = %s\n",
data/gpsbabel-1.7.0+ds/globalsat_sport.cc:77:5:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    printf(MYNAME " serial_deinit()\n");
data/gpsbabel-1.7.0+ds/globalsat_sport.cc:82:5:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    printf(MYNAME " serial_deinit() Done\n");
data/gpsbabel-1.7.0+ds/globalsat_sport.cc:266:5:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    printf(MYNAME " rd_init()\n");
data/gpsbabel-1.7.0+ds/globalsat_sport.cc:271:7:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
      printf(MYNAME " rd_init() creating dumpfile %s FAILED continue anyway\n", opt_dump_file);
data/gpsbabel-1.7.0+ds/globalsat_sport.cc:274:9:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
        printf(MYNAME " rd_init() creating dumpfile %s for writing binary copy of serial stream\n", opt_dump_file);
data/gpsbabel-1.7.0+ds/globalsat_sport.cc:303:5:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    printf(MYNAME " rd_deinit()\n");
data/gpsbabel-1.7.0+ds/globalsat_sport.cc:321:5:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    printf(MYNAME " rd_deinit() Done\n");
data/gpsbabel-1.7.0+ds/globalsat_sport.cc:329:5:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    printf(MYNAME "   waypoint_read()\n");
data/gpsbabel-1.7.0+ds/globalsat_sport.cc:352:5:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    printf(MYNAME "   track_read()\n");
data/gpsbabel-1.7.0+ds/globalsat_sport.cc:668:5:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    printf(MYNAME "   route_read() TODO\n");
data/gpsbabel-1.7.0+ds/globalsat_sport.cc:676:5:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    printf(MYNAME " read()\n");
data/gpsbabel-1.7.0+ds/gpssim.cc:132:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(obuf, tbuf);
data/gpsbabel-1.7.0+ds/gui/mainwindow.cc:225:25:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
  loadLanguage(QLocale::system().name());
data/gpsbabel-1.7.0+ds/gui/mainwindow.cc:256:36:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
  QString defaultLocale = QLocale::system().name();       // e.g. "de_DE"
data/gpsbabel-1.7.0+ds/gui/mainwindow.cc:330:33:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
      QString locale = QLocale::system().name();
data/gpsbabel-1.7.0+ds/holux.cc:168:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(strTmp,shortstr);
data/gpsbabel-1.7.0+ds/igc.cc:296:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(trk_desc, HDRMAGIC HDRDELIM);
data/gpsbabel-1.7.0+ds/igc.cc:688:5:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
    sscanf(CSTR(rte->rte_desc), DATEMAGIC "%6[0-9]: %s", flight_date, task_desc);
data/gpsbabel-1.7.0+ds/igc.cc:777:5:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    printf(MYNAME ": pressure landing time %s", ctime(&pres_time));
data/gpsbabel-1.7.0+ds/igc.cc:796:7:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
      printf(MYNAME ": speed=%f\n", speed);
data/gpsbabel-1.7.0+ds/igc.cc:801:5:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    printf(MYNAME ": gnss landing time %s", ctime(&gnss_time));
data/gpsbabel-1.7.0+ds/igc.cc:881:7:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
      printf(MYNAME ": adjusting time by %ds\n", time_adj);
data/gpsbabel-1.7.0+ds/itracku.cc:116:5:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    fprintf(stderr, MYNAME ": ");
data/gpsbabel-1.7.0+ds/itracku.cc:117:5:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    vfprintf(stderr,msg, ap);
data/gpsbabel-1.7.0+ds/jeeps/gpsapp.cc:234:10:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  (void) strcpy(gps_save_string,(char*)rec.data+4);
data/gpsbabel-1.7.0+ds/jeeps/gpsmath.cc:1365:10:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  (void) strcpy(map,UKNG[idx]);
data/gpsbabel-1.7.0+ds/jeeps/gpsserial.cc:81:7:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
  b = vsnprintf(msg, sizeof(msg), mb, ap);
data/gpsbabel-1.7.0+ds/jeeps/gpsserial.cc:390:7:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
  b = vsnprintf(msg, sizeof(msg), mb, ap);
data/gpsbabel-1.7.0+ds/jeeps/gpsserial.cc:398:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
  strcat(msg, strerror(errno));
data/gpsbabel-1.7.0+ds/jeeps/jgpsutil.cc:511:5:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    vfprintf(stderr, fmt, argp);
data/gpsbabel-1.7.0+ds/jeeps/jgpsutil.cc:600:5:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    vfprintf(stdout, fmt, argp);
data/gpsbabel-1.7.0+ds/jeeps/jgpsutil.cc:665:5:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    vfprintf(stdout, fmt, argp);
data/gpsbabel-1.7.0+ds/kml.cc:92:5:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    printf(MYNAME ": kml_color_sequencer seq %f %d, step %f\n",kml_color_sequencer.seq, color_seq, kml_color_sequencer.step);
data/gpsbabel-1.7.0+ds/lowranceusr.cc:170:5:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    printf(MYNAME " adding waypt %s (%s) to table at index %d\n",
data/gpsbabel-1.7.0+ds/lowranceusr.cc:194:5:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    printf(MYNAME " lowranceusr4_find_waypt: warning, failed finding waypoint with ids %u %d %d\n",
data/gpsbabel-1.7.0+ds/lowranceusr.cc:216:5:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    printf(MYNAME " lowranceusr4_find_global_waypt: warning, failed finding waypoint with ids %08x %08x %08x %08x\n",
data/gpsbabel-1.7.0+ds/lowranceusr.cc:426:7:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
      printf(MYNAME " parse_waypt: %5d", object_num);
data/gpsbabel-1.7.0+ds/lowranceusr.cc:473:7:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
      printf(MYNAME " parse_waypt: Waypt name = '%s' Lat = %+f Lon = %+f alt = ",
data/gpsbabel-1.7.0+ds/lowranceusr.cc:500:7:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
      printf(MYNAME " parse_waypt: creation time '%s', waypt_time %ld\n",
data/gpsbabel-1.7.0+ds/lowranceusr.cc:522:7:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
      printf(MYNAME " parse_waypt: waypt_type = %d\n",waypt_type);
data/gpsbabel-1.7.0+ds/lowranceusr.cc:632:7:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
      printf(MYNAME " parse_waypoints: ");
data/gpsbabel-1.7.0+ds/lowranceusr.cc:660:7:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
      printf(MYNAME " parse_waypoints: version = %d, name = %s, uid_unit = %u, "
data/gpsbabel-1.7.0+ds/lowranceusr.cc:683:5:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    printf(MYNAME " parse_waypts: Num Waypoints = %d\n", NumWaypoints);
data/gpsbabel-1.7.0+ds/lowranceusr.cc:688:7:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
      printf(MYNAME " parse_waypts: ");
data/gpsbabel-1.7.0+ds/lowranceusr.cc:694:7:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
      printf(MYNAME " parse_waypoints: ");
data/gpsbabel-1.7.0+ds/lowranceusr.cc:705:7:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
      printf(MYNAME " parse_waypoints: ");
data/gpsbabel-1.7.0+ds/lowranceusr.cc:716:7:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
      printf(MYNAME " parse_waypts: Number Name            Longitude       Latitude       Altitude       Time            ");
data/gpsbabel-1.7.0+ds/lowranceusr.cc:722:7:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
      printf(MYNAME " parse_waypts: ------ --------------- --------------- -------------- -------------- ----------------");
data/gpsbabel-1.7.0+ds/lowranceusr.cc:764:5:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    printf(MYNAME " parse_route: Route '%s', Num Legs = %d", qPrintable(name), num_legs);
data/gpsbabel-1.7.0+ds/lowranceusr.cc:774:5:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    printf(MYNAME " parse_route:  Name            Longitude        Latitude       Altitude      Time             Unknown  ICON ID (dec)    Flag (dec) Depth (ft)\n");
data/gpsbabel-1.7.0+ds/lowranceusr.cc:775:5:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    printf(MYNAME " parse_route:  --------------- ---------------  -------------- ------------- ---------------- -------- ---------------- ---------- ----------\n");
data/gpsbabel-1.7.0+ds/lowranceusr.cc:782:7:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
      printf(MYNAME " parse_route:");
data/gpsbabel-1.7.0+ds/lowranceusr.cc:811:5:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    printf(MYNAME " parse_route: Unit %u (0x%08x)\n", fsdata->uid_unit, fsdata->uid_unit);
data/gpsbabel-1.7.0+ds/lowranceusr.cc:821:5:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    printf(MYNAME " parse_route: Version = %d\n", route_version);
data/gpsbabel-1.7.0+ds/lowranceusr.cc:839:7:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
      printf(MYNAME " parse_route: route '%s' (UUID %08x %08x %8x %08x) has %d legs\n",
data/gpsbabel-1.7.0+ds/lowranceusr.cc:842:7:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
      printf(MYNAME " parse_route: route '%s' has %d legs\n",
data/gpsbabel-1.7.0+ds/lowranceusr.cc:856:11:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
          printf(MYNAME " parse_route: added leg #%d routepoint %s (%+.10f, %+.10f)\n",
data/gpsbabel-1.7.0+ds/lowranceusr.cc:872:11:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
          printf(MYNAME " parse_route: added leg #%d routepoint %s (%+.10f, %+.10f)\n",
data/gpsbabel-1.7.0+ds/lowranceusr.cc:889:5:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    printf(MYNAME " parse_route: end of route %02x\n", gbfgetc(file_in));
data/gpsbabel-1.7.0+ds/lowranceusr.cc:909:5:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    printf(MYNAME " parse_routes: Num Routes = %d\n", num_routes);
data/gpsbabel-1.7.0+ds/lowranceusr.cc:935:5:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    printf(MYNAME " parse_icons: Num Event Marker Icons = %d\n", num_icons);
data/gpsbabel-1.7.0+ds/lowranceusr.cc:959:9:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
        printf(MYNAME " parse_icons: '%s' %d %16.16s %+15.10f %+15.10f\n",
data/gpsbabel-1.7.0+ds/lowranceusr.cc:977:5:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    printf(MYNAME " parse_trails: Trail '%s'\n", qPrintable(trk_head->rte_name));
data/gpsbabel-1.7.0+ds/lowranceusr.cc:984:5:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    printf(MYNAME " parse_trails: Visible '%x' - %s\n", visible, (visible ? "Yes" : "No"));
data/gpsbabel-1.7.0+ds/lowranceusr.cc:991:5:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    printf(MYNAME " parse_trails: Num Trail Points = %d\n", num_trail_points);
data/gpsbabel-1.7.0+ds/lowranceusr.cc:998:5:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    printf(MYNAME " parse_trails: Max Trail size = %d\n", itmp);
data/gpsbabel-1.7.0+ds/lowranceusr.cc:1008:9:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
        printf(MYNAME " parse_trails: Num Section Points = %d\n", num_section_points);
data/gpsbabel-1.7.0+ds/lowranceusr.cc:1032:11:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
          printf(MYNAME " parse_trails: Trail pt lat %f lon %f\n", wpt_tmp->latitude, wpt_tmp->longitude);
data/gpsbabel-1.7.0+ds/lowranceusr.cc:1058:5:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    printf(MYNAME " parse_trails: trail Version %d\n", trail_version);
data/gpsbabel-1.7.0+ds/lowranceusr.cc:1070:5:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    printf(MYNAME " parse_trails: Trail '%s'\n", qPrintable(trk_head->rte_name));
data/gpsbabel-1.7.0+ds/lowranceusr.cc:1085:5:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    printf(MYNAME " parse_trails: Comment '%s'\n", qPrintable(desc));
data/gpsbabel-1.7.0+ds/lowranceusr.cc:1094:5:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    printf(MYNAME " parse_trails: creation date/time = %s\n", qPrintable(qdt.toString("yyyy-MM-dd hh:mm:ss AP")));
data/gpsbabel-1.7.0+ds/lowranceusr.cc:1099:5:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    printf(MYNAME " parse_trails: unknown flag bytes %02x %02x %02x\n",
data/gpsbabel-1.7.0+ds/lowranceusr.cc:1111:5:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    printf(MYNAME " parse_trails: attribute count %4d : (", attr_count);
data/gpsbabel-1.7.0+ds/lowranceusr.cc:1134:5:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    printf(MYNAME " parse_trails: trail %d name='%s' color=%d flags=%d has %d (%x) trailpoints\n",
data/gpsbabel-1.7.0+ds/lowranceusr.cc:1138:7:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
      printf(MYNAME " parse_trails: Longitude      Latitude       Flag/Value pairs (01=Speed)\n");
data/gpsbabel-1.7.0+ds/lowranceusr.cc:1139:7:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
      printf(MYNAME " parse_trails: -------------- -------------- -- -------- -- -------- -- --------\n");
data/gpsbabel-1.7.0+ds/lowranceusr.cc:1158:9:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
        printf(MYNAME " parse_trails: %+14.9f %+14.9f", wpt_tmp->longitude, wpt_tmp->latitude);
data/gpsbabel-1.7.0+ds/lowranceusr.cc:1161:9:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
        printf(MYNAME " parse_trails: added trailpoint %+.9f,%+.9f to trail %s\n",
data/gpsbabel-1.7.0+ds/lowranceusr.cc:1199:5:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    printf(MYNAME " parse_trails: Num Trails = %d\n", num_trails);
data/gpsbabel-1.7.0+ds/lowranceusr.cc:1221:5:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    printf(MYNAME " input_file: USR File Format %d (Version = %d)\n", reading_version, rstream_version);
data/gpsbabel-1.7.0+ds/lowranceusr.cc:1233:7:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
      printf(MYNAME " input_file: Unknown %d (%x)\n", unknown, unknown);
data/gpsbabel-1.7.0+ds/lowranceusr.cc:1239:7:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
      printf(MYNAME " file title: '%s'\n", qPrintable(title));
data/gpsbabel-1.7.0+ds/lowranceusr.cc:1245:7:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
      printf(MYNAME " date string: '%s'\n", qPrintable(creation_date));
data/gpsbabel-1.7.0+ds/lowranceusr.cc:1254:7:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
      printf(MYNAME " creation date/time : '%s'\n", qPrintable(qdt.toString("yyyy-MM-dd hh:mm:ss AP")));
data/gpsbabel-1.7.0+ds/lowranceusr.cc:1263:7:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
      printf(MYNAME " device serial number: %u\n", serial_num);
data/gpsbabel-1.7.0+ds/lowranceusr.cc:1269:7:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
      printf(MYNAME " content description: '%s'\n", qPrintable(comment));
data/gpsbabel-1.7.0+ds/lowranceusr.cc:1325:5:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    printf(MYNAME " waypt_disp: Waypt name = '%s' Lat = %+16.10f  Lon = %+16.10f  Alt = %f\n",
data/gpsbabel-1.7.0+ds/lowranceusr.cc:1338:5:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    printf(MYNAME " waypt_disp: Waypt name = '%s' ", qPrintable(name));
data/gpsbabel-1.7.0+ds/lowranceusr.cc:1494:5:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    printf(MYNAME " waypt_pr: waypoint #%d\n",waypt_out_count);
data/gpsbabel-1.7.0+ds/lowranceusr.cc:1514:5:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    printf(MYNAME " writing %d waypoints\n", waypt_table->size());
data/gpsbabel-1.7.0+ds/lowranceusr.cc:1521:7:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
      printf(MYNAME " writing out waypt %d (%s - %s)\n",
data/gpsbabel-1.7.0+ds/lowranceusr.cc:1586:5:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    printf(MYNAME " trail_hdr: trail name '%s' ", qPrintable(trk->rte_name));
data/gpsbabel-1.7.0+ds/lowranceusr.cc:1640:5:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    printf(MYNAME " route_hdr: route name \"%s\" num_legs = %d\n",
data/gpsbabel-1.7.0+ds/lowranceusr.cc:1648:5:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    printf(MYNAME " writing route #%d (%s) with %d waypts\n",
data/gpsbabel-1.7.0+ds/lowranceusr.cc:1695:9:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
        printf(MYNAME " wrote route leg with waypt '%s'\n", qPrintable(wpt->shortname));
data/gpsbabel-1.7.0+ds/lowranceusr.cc:1717:7:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
      printf(MYNAME " trail_disp: Trail point #%d lat = %f long = %f\n",trail_point_count, wpt->latitude, wpt->longitude);
data/gpsbabel-1.7.0+ds/lowranceusr.cc:1749:7:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
      printf(MYNAME " trail_hdr: trail name = %s\n", CSTR(name));
data/gpsbabel-1.7.0+ds/lowranceusr.cc:1768:7:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
      printf(MYNAME " merge_trail_tlr: num_trail_points = %d\nmax_trail_size = %d\nnum_section_points = %d\n",
data/gpsbabel-1.7.0+ds/lowranceusr.cc:1788:5:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    printf(MYNAME " writing trail %d (%s) with %d trailpoints\n",
data/gpsbabel-1.7.0+ds/lowranceusr.cc:1870:5:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    printf(MYNAME " data_write: Num Waypoints = %d\n", NumWaypoints);
data/gpsbabel-1.7.0+ds/lowranceusr.cc:1906:7:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
      printf(MYNAME " data_write: Title = '%s'\n", qPrintable(buf));
data/gpsbabel-1.7.0+ds/lowranceusr.cc:1936:7:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
      printf(MYNAME " data_write: Description = '%s'\n", qPrintable(buf));
data/gpsbabel-1.7.0+ds/lowranceusr.cc:1953:5:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    printf(MYNAME " data_write: Num routes = %d\n", NumRoutes);
data/gpsbabel-1.7.0+ds/lowranceusr.cc:2056:7:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
      printf(MYNAME " data_write: Num trails = %d\n", NumTrails);
data/gpsbabel-1.7.0+ds/maggeo.cc:225:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
  strcat(buf, cleansed2);
data/gpsbabel-1.7.0+ds/main.cc:173:3:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  printf(
data/gpsbabel-1.7.0+ds/main.cc:441:75:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
        warning(MYNAME ": QLocale::system() is %s\n", qPrintable(QLocale::system().name()));
data/gpsbabel-1.7.0+ds/mkshort.cc:149:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
      strcat(name, tbuf);
data/gpsbabel-1.7.0+ds/mkshort.cc:151:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(&name[l-dl], tbuf);
data/gpsbabel-1.7.0+ds/mkshort.cc:216:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(istring, ostring);
data/gpsbabel-1.7.0+ds/mkshort.cc:242:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(&s[origslen - rl], r->replacement);
data/gpsbabel-1.7.0+ds/mmo.cc:165:3:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  printf(MYNAME "-%s: ", sobj);
data/gpsbabel-1.7.0+ds/mmo.cc:166:3:  [4] (format) vprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  vprintf(fmt, args);
data/gpsbabel-1.7.0+ds/mmo.cc:1050:3:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  printf(MYNAME ": EOF reached, nice!!!\n");
data/gpsbabel-1.7.0+ds/mmo.cc:1051:3:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  printf(MYNAME ": =======================================\n\n");
data/gpsbabel-1.7.0+ds/mtk_locus.cc:574:5:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    vfprintf(stderr,msg, ap);
data/gpsbabel-1.7.0+ds/mtk_logger.cc:294:5:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    vfprintf(stderr,msg, ap);
data/gpsbabel-1.7.0+ds/mtk_logger.cc:393:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(*rslt, &line[expect_len+1]);
data/gpsbabel-1.7.0+ds/mtk_logger.cc:1084:15:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      slen += sprintf(&sstr[slen], "%s%.2d"
data/gpsbabel-1.7.0+ds/netstumbler.cc:160:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(ssid, &field[2]); /* zap "( " */
data/gpsbabel-1.7.0+ds/netstumbler.cc:181:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(mac, &field[2]);	/* zap "( " */
data/gpsbabel-1.7.0+ds/parse.cc:181:10:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
    ct = sscanf(str, format,
data/gpsbabel-1.7.0+ds/parse.cc:188:10:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
    ct = sscanf(str, format,
data/gpsbabel-1.7.0+ds/parse.cc:199:10:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
    ct = sscanf(str, format,
data/gpsbabel-1.7.0+ds/parse.cc:212:10:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
    ct = sscanf(str, format,
data/gpsbabel-1.7.0+ds/parse.cc:226:10:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
    ct = sscanf(str, format,
data/gpsbabel-1.7.0+ds/parse.cc:243:10:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
    ct = sscanf(str, format,
data/gpsbabel-1.7.0+ds/pocketfms_bc.cc:137:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(bc.id, header_id);
data/gpsbabel-1.7.0+ds/sbn.cc:160:3:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  printf(MYNAME ": Username: %s\n", username);
data/gpsbabel-1.7.0+ds/sbn.cc:161:3:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  printf(MYNAME ": Serial Number: %s\n", serial_num);
data/gpsbabel-1.7.0+ds/sbn.cc:162:3:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  printf(MYNAME ": Log rate (seconds): %s\n", log_rate);
data/gpsbabel-1.7.0+ds/sbn.cc:163:3:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  printf(MYNAME ": Firmware version: %s\n", version);
data/gpsbabel-1.7.0+ds/skytraq.cc:153:5:  [4] (format) vprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    vprintf(msg, ap);
data/gpsbabel-1.7.0+ds/trackfilter.cc:394:7:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
      printf(MYNAME "-merge: %d track point(s) merged, %d dropped.\n", track_waypt_count(), original_waypt_count - track_waypt_count());
data/gpsbabel-1.7.0+ds/trackfilter.cc:453:9:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
        printf(MYNAME ": interval %f seconds\n", interval);
data/gpsbabel-1.7.0+ds/trackfilter.cc:484:9:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
        printf(MYNAME ": distance %f meters\n", distance);
data/gpsbabel-1.7.0+ds/trackfilter.cc:510:11:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
          printf(MYNAME ": new day %s\n", qPrintable(buff.at(j)->GetCreationTime().toLocalTime().date().toString(Qt::ISODate)));
data/gpsbabel-1.7.0+ds/trackfilter.cc:528:13:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
            printf(MYNAME ": sdistance, %g > %g\n", curdist, distance);
data/gpsbabel-1.7.0+ds/trackfilter.cc:540:13:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
            printf(MYNAME ": split, %g > %g\n", tr_interval, interval);
data/gpsbabel-1.7.0+ds/trackfilter.cc:548:9:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
        printf(MYNAME ": splitting new track\n");
data/gpsbabel-1.7.0+ds/util.cc:163:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
  strcat(src, newd);
data/gpsbabel-1.7.0+ds/util.cc:304:15:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    outsize = vsnprintf(buf, bufsize, fmt, args);
data/gpsbabel-1.7.0+ds/util.cc:548:3:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
  vsnprintf(buff, sizeof(buff), fmt, args);
data/gpsbabel-1.7.0+ds/util.cc:1025:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
  strcat(d, replace);
data/gpsbabel-1.7.0+ds/util.cc:1028:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
  strcat(d, p + slen);
data/gpsbabel-1.7.0+ds/util.cc:1585:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(tmp, str);
data/gpsbabel-1.7.0+ds/util.cc:1603:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(p, ep->entity);
data/gpsbabel-1.7.0+ds/util.cc:1604:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(p + elen, xstr);
data/gpsbabel-1.7.0+ds/util.cc:1626:11:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
          strcpy(p, xstr);
data/gpsbabel-1.7.0+ds/v900.cc:153:3:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  vfprintf(stderr, fmt, ap);
data/gpsbabel-1.7.0+ds/v900.cc:356:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(vox_file_name,vox);
data/gpsbabel-1.7.0+ds/vecs.cc:471:5:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    printf(VEC_FMT, qPrintable(vec.name), qPrintable(vec.desc));
data/gpsbabel-1.7.0+ds/vecs.cc:494:5:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    printf(VEC_FMT, qPrintable(vec.name), qPrintable(vec.desc));
data/gpsbabel-1.7.0+ds/wbt-200.cc:139:5:  [4] (format) vprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    vprintf(msg, ap);
data/gpsbabel-1.7.0+ds/wbt-200.cc:542:3:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(wp_name, fmt, index);
data/gpsbabel-1.7.0+ds/xcsv.cc:311:12:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
  int ac = sscanf(s, format, &hour, &min, &sec, ampm);
data/gpsbabel-1.7.0+ds/deprecated/mapsource.cc:261:7:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
      srand((unsigned) current_time().toTime_t());
data/gpsbabel-1.7.0+ds/util.cc:221:38:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  return QString::fromLocal8Bit(std::getenv(env_var));
data/gpsbabel-1.7.0+ds/util.cc:742:26:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  static bool testmode = getenv("GPSBABEL_FREEZE_TIME") != nullptr;
data/gpsbabel-1.7.0+ds/alan.cc:68:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char name[WPT_NAME_LEN];
data/gpsbabel-1.7.0+ds/alan.cc:69:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char comment[WPT_COMMENT_LEN];
data/gpsbabel-1.7.0+ds/alan.cc:91:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char name[RTE_NAME_LEN];
data/gpsbabel-1.7.0+ds/alan.cc:92:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char comment[RTE_COMMENT_LEN];
data/gpsbabel-1.7.0+ds/alan.cc:110:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char name[TRK_NAME_LEN];		/* 10, null terminated */
data/gpsbabel-1.7.0+ds/alan.cc:111:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char comment[TRK_COMMENT_LEN];	/* 12, null terminated */
data/gpsbabel-1.7.0+ds/alan.cc:213:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char ptr[4];
data/gpsbabel-1.7.0+ds/alan.cc:216:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&ptr[0], &test, sizeof test);
data/gpsbabel-1.7.0+ds/alan.cc:818:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(trkhdr[idx].name, "T%03d", idx);
data/gpsbabel-1.7.0+ds/an1.cc:112:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char c[6];
data/gpsbabel-1.7.0+ds/an1.cc:352:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(wpt->url, ofs, len);
data/gpsbabel-1.7.0+ds/an1.cc:361:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(wpt->comment, ofs, len);
data/gpsbabel-1.7.0+ds/an1.cc:935:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    wpt_type_num = atoi(opt_wpt_type);
data/gpsbabel-1.7.0+ds/an1.cc:965:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    output_type_num = atoi(output_type);
data/gpsbabel-1.7.0+ds/an1.cc:1107:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    opt_zoom_num = atoi(opt_zoom);
data/gpsbabel-1.7.0+ds/bcr.cc:256:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char station[32];
data/gpsbabel-1.7.0+ds/bcr.cc:456:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    target_rte_num = atoi(rtenum_opt);
data/gpsbabel-1.7.0+ds/brauniger_iq.cc:234:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char ibuf[25];
data/gpsbabel-1.7.0+ds/bushnell.cc:222:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char tbuf[20]; // 19 text bytes + null terminator.
data/gpsbabel-1.7.0+ds/bushnell.cc:223:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char padding[2] = {0, 0};
data/gpsbabel-1.7.0+ds/bushnell_trl.cc:38:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char h[0x14]; // Believed to be zero terminated.
data/gpsbabel-1.7.0+ds/bushnell_trl.cc:58:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char obuf[20] = { 0 } ;
data/gpsbabel-1.7.0+ds/cet.cc:45:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char trash[16];
data/gpsbabel-1.7.0+ds/compegps.cc:127:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char month[4];
data/gpsbabel-1.7.0+ds/compegps.cc:128:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  tm->tm_mday = atoi(c);
data/gpsbabel-1.7.0+ds/compegps.cc:132:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  int year = atoi(c + 7);
data/gpsbabel-1.7.0+ds/compegps.cc:146:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  tm->tm_hour = atoi(c);
data/gpsbabel-1.7.0+ds/compegps.cc:147:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  tm->tm_min = atoi(c+3);
data/gpsbabel-1.7.0+ds/compegps.cc:148:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  tm->tm_sec = atoi(c+6);
data/gpsbabel-1.7.0+ds/compegps.cc:542:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buff[128];
data/gpsbabel-1.7.0+ds/compegps.cc:631:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    target_index = atoi(option_index);
data/gpsbabel-1.7.0+ds/compegps.cc:637:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      snlen = atoi(option_snlen);
data/gpsbabel-1.7.0+ds/cst.cc:112:11:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
          strcat(dest, "%20");
data/gpsbabel-1.7.0+ds/cst.cc:242:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char name[256];
data/gpsbabel-1.7.0+ds/cst.cc:291:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      cst_version = atoi(cin);
data/gpsbabel-1.7.0+ds/deprecated/axim_gpb.cc:48:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&f, &i, 4);
data/gpsbabel-1.7.0+ds/deprecated/axim_gpb.cc:141:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buff[RECORD_LEN];
data/gpsbabel-1.7.0+ds/deprecated/cetus.cc:104:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char 		id[2];
data/gpsbabel-1.7.0+ds/deprecated/cetus.cc:225:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char descr[(2 * TRACK_POINT_SIZE) + 1];
data/gpsbabel-1.7.0+ds/deprecated/cetus.cc:226:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char temp_descr[TRACK_POINT_SIZE + 1];
data/gpsbabel-1.7.0+ds/deprecated/cetus.cc:550:7:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
      strcat(vdata, " (");
data/gpsbabel-1.7.0+ds/deprecated/coto.cc:74:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char lon[8];
data/gpsbabel-1.7.0+ds/deprecated/coto.cc:75:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char lat[8];
data/gpsbabel-1.7.0+ds/deprecated/coto.cc:76:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char name[MAX_MARKER_NAME_LENGTH];
data/gpsbabel-1.7.0+ds/deprecated/coto.cc:77:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char notes[1];
data/gpsbabel-1.7.0+ds/deprecated/coto.cc:83:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
typedef char appinfo_category[16];
data/gpsbabel-1.7.0+ds/deprecated/coto.cc:154:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buff[CATEGORY_NAME_LENGTH + 1] = "Not Assigned";
data/gpsbabel-1.7.0+ds/deprecated/coto.cc:220:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char temp[256];
data/gpsbabel-1.7.0+ds/deprecated/delbin.cc:230:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char object_name[64];
data/gpsbabel-1.7.0+ds/deprecated/delbin.cc:252:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char name[1];
data/gpsbabel-1.7.0+ds/deprecated/delbin.cc:266:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char name[1];
data/gpsbabel-1.7.0+ds/deprecated/delbin.cc:300:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char name[32];
data/gpsbabel-1.7.0+ds/deprecated/delbin.cc:312:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char comment[1];
data/gpsbabel-1.7.0+ds/deprecated/delbin.cc:318:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char name[32];
data/gpsbabel-1.7.0+ds/deprecated/delbin.cc:328:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char comment[1];
data/gpsbabel-1.7.0+ds/deprecated/delbin.cc:351:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char name[32];
data/gpsbabel-1.7.0+ds/deprecated/delbin.cc:364:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char exit_label[1];
data/gpsbabel-1.7.0+ds/deprecated/delbin.cc:375:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char name[64];
data/gpsbabel-1.7.0+ds/deprecated/delbin.cc:384:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char name[64];
data/gpsbabel-1.7.0+ds/deprecated/delbin.cc:434:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char company[32];
data/gpsbabel-1.7.0+ds/deprecated/delbin.cc:435:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char product[32];
data/gpsbabel-1.7.0+ds/deprecated/delbin.cc:436:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char firmware[32];
data/gpsbabel-1.7.0+ds/deprecated/delbin.cc:437:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char gps_firmware[48];
data/gpsbabel-1.7.0+ds/deprecated/delbin.cc:438:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char serial[16];
data/gpsbabel-1.7.0+ds/deprecated/delbin.cc:439:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char extra[16];
data/gpsbabel-1.7.0+ds/deprecated/delbin.cc:699:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(buf, p, nn);
data/gpsbabel-1.7.0+ds/deprecated/delbin.cc:719:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(buf, p, n);
data/gpsbabel-1.7.0+ds/deprecated/delbin.cc:724:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(buf, p, n);
data/gpsbabel-1.7.0+ds/deprecated/delbin.cc:731:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(m->buf + 2, buf, 8);
data/gpsbabel-1.7.0+ds/deprecated/delbin.cc:824:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(a, old_a, i * sizeof(message_t));
data/gpsbabel-1.7.0+ds/deprecated/delbin.cc:890:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(batch_array, old, batch_array_i * sizeof(*batch_array));
data/gpsbabel-1.7.0+ds/deprecated/delbin.cc:1113:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          memcpy(wp->notes, old, notes_i);
data/gpsbabel-1.7.0+ds/deprecated/delbin.cc:1123:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(wp->notes + notes_i, s + 2, nn);
data/gpsbabel-1.7.0+ds/deprecated/delbin.cc:1216:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  if (gc_sym && opt_gcsym && atoi(opt_gcsym)) {
data/gpsbabel-1.7.0+ds/deprecated/delbin.cc:1322:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(*notes, fd->handle.mem, *notes_size);
data/gpsbabel-1.7.0+ds/deprecated/delbin.cc:1344:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(p->name, name, p->name_size);
data/gpsbabel-1.7.0+ds/deprecated/delbin.cc:1351:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(pp, notes, n);
data/gpsbabel-1.7.0+ds/deprecated/delbin.cc:1447:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(p->name, CSTRc(name), name_size - 1);
data/gpsbabel-1.7.0+ds/deprecated/delbin.cc:1459:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(pp + 2, notes, notes_size - 1);
data/gpsbabel-1.7.0+ds/deprecated/delbin.cc:1814:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(p->name, "%lu", (long)wp_array[0]->GetCreationTime().toTime_t());
data/gpsbabel-1.7.0+ds/deprecated/delbin.cc:1821:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(p->comment, CSTRc(track->rte_desc), comment_size);
data/gpsbabel-1.7.0+ds/deprecated/delbin.cc:1847:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[32];
data/gpsbabel-1.7.0+ds/deprecated/delbin.cc:1852:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buf, "SHP%03u", j);
data/gpsbabel-1.7.0+ds/deprecated/delbin.cc:1937:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(wp->notes, fd->handle.mem, fd->memlen);
data/gpsbabel-1.7.0+ds/deprecated/delbin.cc:2149:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(p->name, "RPT%u", route_point_i);
data/gpsbabel-1.7.0+ds/deprecated/delbin.cc:2211:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(p->name, "%lu", (long)wp_array[0]->GetCreationTime().toTime_t());
data/gpsbabel-1.7.0+ds/deprecated/delbin.cc:2304:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[256];
data/gpsbabel-1.7.0+ds/deprecated/delbin.cc:2488:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char buf[300];
data/gpsbabel-1.7.0+ds/deprecated/delbin.cc:2536:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf1[257];
data/gpsbabel-1.7.0+ds/deprecated/delbin.cc:2545:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(buf, buf1 + 1, n);
data/gpsbabel-1.7.0+ds/deprecated/delbin.cc:2553:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf1[257];
data/gpsbabel-1.7.0+ds/deprecated/delbin.cc:2556:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(buf1 + 1, buf, size);
data/gpsbabel-1.7.0+ds/deprecated/delbin.cc:2619:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(packet_array[packet_array_head], report_buf, delbin_os_packet_size);
data/gpsbabel-1.7.0+ds/deprecated/delbin.cc:2669:19:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  ir = (*device)->open(device, kIOHIDOptionsTypeSeizeDevice);
data/gpsbabel-1.7.0+ds/deprecated/delbin.cc:2714:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(buf, packet_array[packet_array_tail++], delbin_os_packet_size);
data/gpsbabel-1.7.0+ds/deprecated/delbin.cc:2879:17:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fd_hidraw = open(raw_name, O_RDONLY);
data/gpsbabel-1.7.0+ds/deprecated/delbin.cc:2883:17:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fd_hiddev = open(dev_name, O_WRONLY);
data/gpsbabel-1.7.0+ds/deprecated/delbin.cc:2894:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char raw_name[32];
data/gpsbabel-1.7.0+ds/deprecated/delbin.cc:2895:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char dev_name[32];
data/gpsbabel-1.7.0+ds/deprecated/delbin.cc:2897:13:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
      fd1 = open(raw_name, O_RDONLY);
data/gpsbabel-1.7.0+ds/deprecated/delbin.cc:2905:13:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
      fd2 = open(dev_name, O_WRONLY);
data/gpsbabel-1.7.0+ds/deprecated/delbin.cc:2908:15:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        fd2 = open(dev_name, O_WRONLY);
data/gpsbabel-1.7.0+ds/deprecated/delbin.cc:3359:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char last_name[32];
data/gpsbabel-1.7.0+ds/deprecated/gcdb.cc:40:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char	fldname[4];
data/gpsbabel-1.7.0+ds/deprecated/gcdb.cc:126:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
lat_deg = atoi(recdata);
data/gpsbabel-1.7.0+ds/deprecated/gcdb.cc:133:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
lon_deg = atoi(recdata);
data/gpsbabel-1.7.0+ds/deprecated/gcdb.cc:186:1:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
memcpy(&rec->dbfld[rec_cnt],tbuf, length);
data/gpsbabel-1.7.0+ds/deprecated/gcdb.cc:222:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char tbuf[100];
data/gpsbabel-1.7.0+ds/deprecated/gcdb.cc:236:1:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tbuf, "%d", (int) wpt->latitude);
data/gpsbabel-1.7.0+ds/deprecated/gcdb.cc:239:1:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tbuf, "%f", 60 * (wpt->latitude -
data/gpsbabel-1.7.0+ds/deprecated/gcdb.cc:247:1:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tbuf, "%d", (int) wpt->longitude);
data/gpsbabel-1.7.0+ds/deprecated/gcdb.cc:250:1:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tbuf, "%f", 60 * (wpt->longitude -
data/gpsbabel-1.7.0+ds/deprecated/gcdb.cc:255:1:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tbuf, "%f", wpt->gc_data->diff / 10.0);
data/gpsbabel-1.7.0+ds/deprecated/gcdb.cc:260:1:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tbuf, "%f", wpt->gc_data->terr / 10.0);
data/gpsbabel-1.7.0+ds/deprecated/geoniche.cc:99:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
id2gid(char gid[6+1], int id)
data/gpsbabel-1.7.0+ds/deprecated/geoniche.cc:226:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char		gid[6+1];
data/gpsbabel-1.7.0+ds/deprecated/geoniche.cc:256:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    id = atoi(p);
data/gpsbabel-1.7.0+ds/deprecated/geoniche.cc:271:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    route_id = atoi(p);
data/gpsbabel-1.7.0+ds/deprecated/geoniche.cc:346:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    icon = atoi(p);
data/gpsbabel-1.7.0+ds/deprecated/geoniche.cc:680:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char tbuf[10240];
data/gpsbabel-1.7.0+ds/deprecated/geoniche.cc:728:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		datestr[10+1];
data/gpsbabel-1.7.0+ds/deprecated/geoniche.cc:729:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		timestr[8+1];
data/gpsbabel-1.7.0+ds/deprecated/geoniche.cc:756:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(datestr, "01/01/1904");	/* this seems to be the uninitialized date value for geoniche */
data/gpsbabel-1.7.0+ds/deprecated/geoniche.cc:757:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(timestr, "00:00:00");
data/gpsbabel-1.7.0+ds/deprecated/google.cc:85:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char goog_segname[7];
data/gpsbabel-1.7.0+ds/deprecated/google.cc:249:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  src.open(QIODevice::ReadOnly);
data/gpsbabel-1.7.0+ds/deprecated/google.cc:436:11:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
          strcpy(end,"/table></div>");
data/gpsbabel-1.7.0+ds/deprecated/google.cc:441:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy(end, "/div></div>");
data/gpsbabel-1.7.0+ds/deprecated/google.cc:462:15:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
              strcpy(to, "&amp;utm");
data/gpsbabel-1.7.0+ds/deprecated/google.cc:488:17:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
                strcpy(to, "/tr><");
data/gpsbabel-1.7.0+ds/deprecated/google.cc:500:25:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
            FILE* foo = fopen("foo.xml", "w");
data/gpsbabel-1.7.0+ds/deprecated/gpilots.cc:46:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char ident[6];			/* identifier */
data/gpsbabel-1.7.0+ds/deprecated/gpilots.cc:47:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char lat[4];		/* position */
data/gpsbabel-1.7.0+ds/deprecated/gpilots.cc:48:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char lon[4];		/* position */
data/gpsbabel-1.7.0+ds/deprecated/gpilots.cc:49:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char unused[4];	/* should be set to zero */
data/gpsbabel-1.7.0+ds/deprecated/gpilots.cc:50:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char cmnt[40];			/* comment */
data/gpsbabel-1.7.0+ds/deprecated/gpilots.cc:65:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char smbl[2];              /* waypoint symbol              2 */
data/gpsbabel-1.7.0+ds/deprecated/gpilots.cc:66:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char subclass[18];         /* subclass                    18 */
data/gpsbabel-1.7.0+ds/deprecated/gpilots.cc:67:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char lat[4];		/* position */
data/gpsbabel-1.7.0+ds/deprecated/gpilots.cc:68:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char lon[4];		/* position */
data/gpsbabel-1.7.0+ds/deprecated/gpilots.cc:72:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char state[2];		       /* state                        2 */
data/gpsbabel-1.7.0+ds/deprecated/gpilots.cc:73:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char cc[2];			       /* country code                 2 */
data/gpsbabel-1.7.0+ds/deprecated/gpilots.cc:74:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char varlenstrs[1];			/* start of variable length strings */
data/gpsbabel-1.7.0+ds/deprecated/gpilots.cc:85:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char ident[51];	       /* identifier (50 + '0') */
data/gpsbabel-1.7.0+ds/deprecated/gpilots.cc:87:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char cmnt[51];	       /* comment (50 + '0') */
data/gpsbabel-1.7.0+ds/deprecated/gpilots.cc:97:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char name[256];		       /* nom du groupe de trackpoints */
data/gpsbabel-1.7.0+ds/deprecated/gpilots.cc:102:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char number[2];	       /* number of track points */
data/gpsbabel-1.7.0+ds/deprecated/gpilots.cc:103:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char latmin[4];	       /* latitude min */
data/gpsbabel-1.7.0+ds/deprecated/gpilots.cc:104:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char latmax[4];	       /* latitude max */
data/gpsbabel-1.7.0+ds/deprecated/gpilots.cc:105:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char lonmin[4];	       /* longitude min */
data/gpsbabel-1.7.0+ds/deprecated/gpilots.cc:106:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char lonmax[4];	       /* longitude max */
data/gpsbabel-1.7.0+ds/deprecated/gpilots.cc:107:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char unused2[2];          /* type of following track points */
data/gpsbabel-1.7.0+ds/deprecated/gpilots.cc:112:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char lat[4];		/* position */
data/gpsbabel-1.7.0+ds/deprecated/gpilots.cc:113:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char lon[4];		/* position */
data/gpsbabel-1.7.0+ds/deprecated/gpilots.cc:114:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char time[4];
data/gpsbabel-1.7.0+ds/deprecated/gpilots.cc:115:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char alt[4];
data/gpsbabel-1.7.0+ds/deprecated/gpilots.cc:121:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char lat[4];		/* position */
data/gpsbabel-1.7.0+ds/deprecated/gpilots.cc:122:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char lon[4];		/* position */
data/gpsbabel-1.7.0+ds/deprecated/gpilots.cc:221:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char trk_seg_num_buf[10];
data/gpsbabel-1.7.0+ds/deprecated/mapopolis.cc:37:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char	unk[6];
data/gpsbabel-1.7.0+ds/deprecated/mapopolis.cc:44:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char	name[31+1];
data/gpsbabel-1.7.0+ds/deprecated/mapopolis.cc:45:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char	unk2[35];
data/gpsbabel-1.7.0+ds/deprecated/mapopolis.cc:47:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char	unk3[4];
data/gpsbabel-1.7.0+ds/deprecated/mapopolis.cc:48:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char	expcode[4];
data/gpsbabel-1.7.0+ds/deprecated/mapopolis.cc:57:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char unknown[10];
data/gpsbabel-1.7.0+ds/deprecated/mapsource.cc:252:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    mpsmergeout = atoi(mpsmergeouts);
data/gpsbabel-1.7.0+ds/deprecated/mapsource.cc:331:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char hdr[100];
data/gpsbabel-1.7.0+ds/deprecated/mapsource.cc:371:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char hdr[100];
data/gpsbabel-1.7.0+ds/deprecated/mapsource.cc:373:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
  strcpy(hdr, "MsRc");
data/gpsbabel-1.7.0+ds/deprecated/mapsource.cc:404:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
  strcpy(hdr+7,"Oct 20 1999");
data/gpsbabel-1.7.0+ds/deprecated/mapsource.cc:405:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
  strcpy(hdr+19,"12:50:33");
data/gpsbabel-1.7.0+ds/deprecated/mapsource.cc:408:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(hdr+7,"Oct 22 2001");
data/gpsbabel-1.7.0+ds/deprecated/mapsource.cc:409:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(hdr+19,"15:45:33");
data/gpsbabel-1.7.0+ds/deprecated/mapsource.cc:413:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(hdr+7,"Jul  3 2003");
data/gpsbabel-1.7.0+ds/deprecated/mapsource.cc:414:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(hdr+19,"08:35:33");
data/gpsbabel-1.7.0+ds/deprecated/mapsource.cc:435:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char hdr[100];
data/gpsbabel-1.7.0+ds/deprecated/mapsource.cc:489:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char hdr[100];
data/gpsbabel-1.7.0+ds/deprecated/mapsource.cc:509:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char tbuf[100];
data/gpsbabel-1.7.0+ds/deprecated/mapsource.cc:510:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char wptname[MPSNAMEBUFFERLEN];
data/gpsbabel-1.7.0+ds/deprecated/mapsource.cc:595:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char zbuf[25];
data/gpsbabel-1.7.0+ds/deprecated/mapsource.cc:596:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char ffbuf[25];
data/gpsbabel-1.7.0+ds/deprecated/mapsource.cc:844:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char tbuf[100];
data/gpsbabel-1.7.0+ds/deprecated/mapsource.cc:845:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char wptname[MPSNAMEBUFFERLEN];
data/gpsbabel-1.7.0+ds/deprecated/mapsource.cc:1087:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		hdr[20];
data/gpsbabel-1.7.0+ds/deprecated/mapsource.cc:1088:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		zbuf[20];
data/gpsbabel-1.7.0+ds/deprecated/mapsource.cc:1157:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(hdr, "Route%04x", (unsigned) uniqueValue);
data/gpsbabel-1.7.0+ds/deprecated/mapsource.cc:1241:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		zbuf[20];
data/gpsbabel-1.7.0+ds/deprecated/mapsource.cc:1242:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		ffbuf[20];
data/gpsbabel-1.7.0+ds/deprecated/mapsource.cc:1410:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		hdr[2];
data/gpsbabel-1.7.0+ds/deprecated/mapsource.cc:1525:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		hdr[20];
data/gpsbabel-1.7.0+ds/deprecated/mapsource.cc:1547:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(hdr, "Track%04x", (unsigned) uniqueValue);
data/gpsbabel-1.7.0+ds/deprecated/mapsource.cc:1591:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char zbuf[10];
data/gpsbabel-1.7.0+ds/deprecated/mapsource.cc:1777:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char	copybuf[8192];
data/gpsbabel-1.7.0+ds/deprecated/mapsource.cc:1779:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  int short_length = atoi(snlen);
data/gpsbabel-1.7.0+ds/deprecated/mapsource.cc:1786:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      if (mps_ver_temp != atoi(mpsverout)) {
data/gpsbabel-1.7.0+ds/deprecated/mapsource.cc:1794:99:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        fatal(MYNAME ": merge source version is %d, requested out version is %d\n", mps_ver_temp, atoi(mpsverout));
data/gpsbabel-1.7.0+ds/deprecated/mapsource.cc:1798:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(mpsverout,"%d", mps_ver_temp);
data/gpsbabel-1.7.0+ds/deprecated/mapsource.cc:1803:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    mps_ver_out = atoi(mpsverout);
data/gpsbabel-1.7.0+ds/deprecated/mapsource.cc:1813:44:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    setshort_whitespace_ok(mkshort_handle, atoi(snwhiteopt));
data/gpsbabel-1.7.0+ds/deprecated/msroute.cc:41:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char masm[4];		/* "MASM " */
data/gpsbabel-1.7.0+ds/deprecated/msroute.cc:70:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char ole_magic[8] = {
data/gpsbabel-1.7.0+ds/deprecated/msroute.cc:86:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char magic[8];
data/gpsbabel-1.7.0+ds/deprecated/msroute.cc:87:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char clsid[16];
data/gpsbabel-1.7.0+ds/deprecated/msroute.cc:270:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(buff + offs, temp + block_offs, blocksize);
data/gpsbabel-1.7.0+ds/deprecated/msroute.cc:307:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[OLE_MAX_NAME_LENGTH + 1];
data/gpsbabel-1.7.0+ds/deprecated/overlay.cc:221:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char name[MAXLINE];
data/gpsbabel-1.7.0+ds/deprecated/overlay.cc:231:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(name,"undef(%d)",grp); /* pseudo name*/
data/gpsbabel-1.7.0+ds/deprecated/overlay.cc:232:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(name,"?%d",grp);
data/gpsbabel-1.7.0+ds/deprecated/overlay.cc:284:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            aktTyp = atoi(pstr);
data/gpsbabel-1.7.0+ds/deprecated/overlay.cc:287:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            aktGroup = atoi(pstr);
data/gpsbabel-1.7.0+ds/deprecated/overlay.cc:299:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            aktCol = atoi(pstr);
data/gpsbabel-1.7.0+ds/deprecated/overlay.cc:304:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            aktSize = atoi(pstr);
data/gpsbabel-1.7.0+ds/deprecated/overlay.cc:307:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            aktArt = atoi(pstr);
data/gpsbabel-1.7.0+ds/deprecated/overlay.cc:310:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            aktArea = atoi(pstr);
data/gpsbabel-1.7.0+ds/deprecated/overlay.cc:327:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            aktTrans = atoi(pstr);
data/gpsbabel-1.7.0+ds/deprecated/overlay.cc:330:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            aktTransByte = atoi(pstr);
data/gpsbabel-1.7.0+ds/deprecated/overlay.cc:342:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            aktWidth = atoi(pstr);
data/gpsbabel-1.7.0+ds/deprecated/overlay.cc:345:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            aktHeight = atoi(pstr);
data/gpsbabel-1.7.0+ds/deprecated/overlay.cc:348:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            aktDir = atoi(pstr);
data/gpsbabel-1.7.0+ds/deprecated/overlay.cc:442:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                *(p->argval) = atoi(pstr) ? xstrdup(pstr) : NULL;
data/gpsbabel-1.7.0+ds/deprecated/overlay.cc:469:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    govl_col = atoi(govl_col_s);
data/gpsbabel-1.7.0+ds/deprecated/overlay.cc:472:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    govl_size = atoi(govl_size_s);
data/gpsbabel-1.7.0+ds/deprecated/overlay.cc:478:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    govl_zoomfc = atoi(govl_zoomfc_s);
data/gpsbabel-1.7.0+ds/deprecated/overlay.cc:481:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    govl_dimmfc = atoi(govl_dimmfc_s);
data/gpsbabel-1.7.0+ds/deprecated/overlay.cc:484:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    govl_txtcol = atoi(govl_txtcol_s);
data/gpsbabel-1.7.0+ds/deprecated/overlay.cc:487:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    govl_txtsize = atoi(govl_txtsize_s);
data/gpsbabel-1.7.0+ds/deprecated/overlay.cc:490:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    govl_font = atoi(govl_font_s);
data/gpsbabel-1.7.0+ds/deprecated/palmdoc.cc:114:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char text[16];
data/gpsbabel-1.7.0+ds/deprecated/palmdoc.cc:407:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char tbuf[1024];
data/gpsbabel-1.7.0+ds/deprecated/palmdoc.cc:415:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char bookmarktext[17];
data/gpsbabel-1.7.0+ds/deprecated/pathaway.cc:79:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char reservedA[274];		/* all 0 */
data/gpsbabel-1.7.0+ds/deprecated/pathaway.cc:83:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char vehicleStr[VEHICLE_LEN];
data/gpsbabel-1.7.0+ds/deprecated/pathaway.cc:84:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char reservedB[100];           /* all 0 */
data/gpsbabel-1.7.0+ds/deprecated/pathaway.cc:168:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char *str_pool[STR_POOL_SIZE];
data/gpsbabel-1.7.0+ds/deprecated/pathaway.cc:619:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    len = atoi(opt_snlen);
data/gpsbabel-1.7.0+ds/deprecated/pdbfile.cc:39:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buff[128];
data/gpsbabel-1.7.0+ds/deprecated/pdbfile.cc:56:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buff[256];
data/gpsbabel-1.7.0+ds/deprecated/pdbfile.cc:64:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(res, buff, count);
data/gpsbabel-1.7.0+ds/deprecated/pdbfile.cc:67:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(&res[bytes], buff, count);
data/gpsbabel-1.7.0+ds/deprecated/pdbfile.cc:283:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(rec->data, data, size);
data/gpsbabel-1.7.0+ds/deprecated/pdbfile.h:53:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char name[PDB_DBNAMELEN + 1];	/* database name */
data/gpsbabel-1.7.0+ds/deprecated/psitrex.cc:63:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char psit_current_token[256];
data/gpsbabel-1.7.0+ds/deprecated/psitrex.cc:182:7:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  if (atoi(desc) > 0) {
data/gpsbabel-1.7.0+ds/deprecated/psitrex.cc:183:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    return atoi(desc);
data/gpsbabel-1.7.0+ds/deprecated/psitrex.cc:391:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char rtename[256];
data/gpsbabel-1.7.0+ds/deprecated/psitrex.cc:396:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(rtename, "ROUTE");
data/gpsbabel-1.7.0+ds/deprecated/psitrex.cc:506:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char trkname[256];
data/gpsbabel-1.7.0+ds/deprecated/psitrex.cc:512:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(trkname, "TRACK");
data/gpsbabel-1.7.0+ds/deprecated/psitrex.cc:738:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    short_length = atoi(snlen);
data/gpsbabel-1.7.0+ds/deprecated/psp.cc:199:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buff[MAXPSPSTRINGSIZE + 1];
data/gpsbabel-1.7.0+ds/deprecated/psp.cc:278:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char tbuf[64];
data/gpsbabel-1.7.0+ds/deprecated/quovadis.cc:180:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(rec_ptr, rec, sizeof(*rec));
data/gpsbabel-1.7.0+ds/deprecated/quovadis.h:34:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		name[32];
data/gpsbabel-1.7.0+ds/deprecated/quovadis.h:44:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char	reserved[8];
data/gpsbabel-1.7.0+ds/destinator.cc:266:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char TXT[4] = "TXT";
data/gpsbabel-1.7.0+ds/destinator.cc:274:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buff[20];
data/gpsbabel-1.7.0+ds/destinator.cc:332:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buff[16];
data/gpsbabel-1.7.0+ds/dg-100.cc:287:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(frame + 5, payload, param_len);
data/gpsbabel-1.7.0+ds/dg-100.cc:515:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(buf, data, copysize);
data/gpsbabel-1.7.0+ds/discard.cc:148:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    satpf = atoi(satopt);
data/gpsbabel-1.7.0+ds/discard.cc:154:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    eleminpf = atoi(eleminopt);
data/gpsbabel-1.7.0+ds/discard.cc:158:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    elemaxpf = atoi(elemaxopt);
data/gpsbabel-1.7.0+ds/dmtlog.cc:404:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[128];
data/gpsbabel-1.7.0+ds/dmtlog.cc:562:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char out[DEFLATE_BUFF_SIZE];
data/gpsbabel-1.7.0+ds/dmtlog.cc:597:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(cout+bytes, out, have);
data/gpsbabel-1.7.0+ds/dmtlog.cc:781:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  track_index = atoi(opt_index);
data/gpsbabel-1.7.0+ds/duplicate.cc:147:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char shortname[32];
data/gpsbabel-1.7.0+ds/duplicate.cc:148:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char lat[13];
data/gpsbabel-1.7.0+ds/duplicate.cc:149:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char lon[13];
data/gpsbabel-1.7.0+ds/duplicate.cc:178:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(dupe.lat, "%11.4f", waypointp->latitude);
data/gpsbabel-1.7.0+ds/duplicate.cc:179:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(dupe.lon, "%11.4f", waypointp->longitude);
data/gpsbabel-1.7.0+ds/duplicate.cc:184:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(dupe.lat, "%11.3f", degrees2ddmm(waypointp->latitude));
data/gpsbabel-1.7.0+ds/duplicate.cc:185:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(dupe.lon, "%11.3f", degrees2ddmm(waypointp->longitude));
data/gpsbabel-1.7.0+ds/easygps.cc:41:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char ibuf[100] = {'0'} ;
data/gpsbabel-1.7.0+ds/easygps.cc:79:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char ibuf[10];
data/gpsbabel-1.7.0+ds/energympro.h:108:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char          VersionProduct[15];
data/gpsbabel-1.7.0+ds/enigma.cc:78:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char            shortname[6];   // ASCII, unused characters are "don't care" values
data/gpsbabel-1.7.0+ds/enigma.cc:80:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char            longname[27];   // ASCII, unused characters are "don't care" values
data/gpsbabel-1.7.0+ds/enigma.cc:191:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ewpt.shortname, CSTRc(wpt->shortname), ewpt.shortname_len);
data/gpsbabel-1.7.0+ds/enigma.cc:195:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ewpt.longname, CSTRc(wpt->description), ewpt.longname_len);
data/gpsbabel-1.7.0+ds/exif.cc:1569:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    qint64 frame = atoi(opt_frame);
data/gpsbabel-1.7.0+ds/exif.cc:1620:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char buf[16];
data/gpsbabel-1.7.0+ds/f90g_track.cc:55:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char header[HEADERRECORDSIZE];
data/gpsbabel-1.7.0+ds/f90g_track.cc:90:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char northSouth, eastWest, velocityMark, ttRec[TTRECORDSIZE], tempBuf[20];
data/gpsbabel-1.7.0+ds/g7towin.cc:119:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                          atoi(cin), PCX);
data/gpsbabel-1.7.0+ds/g7towin.cc:204:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      categories = atoi(cin);
data/gpsbabel-1.7.0+ds/g7towin.cc:206:41:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        garmin_fs_t::set_category(gmsd, atoi(cin));
data/gpsbabel-1.7.0+ds/g7towin.cc:464:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                            atoi(cdata), PCX);
data/gpsbabel-1.7.0+ds/garmin.cc:305:37:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    setshort_length(mkshort_handle, atoi(snlen));
data/gpsbabel-1.7.0+ds/garmin.cc:311:44:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    setshort_whitespace_ok(mkshort_handle, atoi(snwhiteopt));
data/gpsbabel-1.7.0+ds/garmin.cc:630:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char tbuf[128];
data/gpsbabel-1.7.0+ds/garmin.cc:670:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(tbuf, "#%d-0", index);
data/gpsbabel-1.7.0+ds/garmin.cc:672:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(tbuf, "D:%f Cal:%d MS:%f AH:%d MH:%d AC:%d I:%d T:%d",
data/gpsbabel-1.7.0+ds/garmin.cc:693:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(tbuf, "#%d", index);
data/gpsbabel-1.7.0+ds/garmin.cc:695:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(tbuf, "D:%f Cal:%d MS:%f AH:%d MH:%d AC:%d I:%d T:%d (%f,%f)",
data/gpsbabel-1.7.0+ds/garmin.cc:936:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char obuf[256];
data/gpsbabel-1.7.0+ds/garmin.cc:957:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(tx_waylist[i]->ident, ident, strlen(ident));
data/gpsbabel-1.7.0+ds/garmin.cc:968:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(tx_waylist[i]->cmnt, CSTRc(wpt->description), strlen(CSTRc(wpt->description)));
data/gpsbabel-1.7.0+ds/garmin.cc:976:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(tx_waylist[i]->cmnt, obuf, strlen(obuf));
data/gpsbabel-1.7.0+ds/garmin.cc:978:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(tx_waylist[i]->cmnt, CSTRc(src), strlen(CSTRc(src)));
data/gpsbabel-1.7.0+ds/garmin.cc:1016:39:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      tx_waylist[i]->category = 1 << (atoi(category) - 1);
data/gpsbabel-1.7.0+ds/garmin.cc:1137:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf((*cur_tx_tracklist_entry)->trk_ident, "TRACK%02d", my_track_count);
data/gpsbabel-1.7.0+ds/garmin_device_xml.cc:131:20:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if (QFile(fname).open(QIODevice::ReadOnly)) {
data/gpsbabel-1.7.0+ds/garmin_fit.cc:98:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char sig[4];
data/gpsbabel-1.7.0+ds/garmin_fit.cc:188:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[2];
data/gpsbabel-1.7.0+ds/garmin_fit.cc:208:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[4];
data/gpsbabel-1.7.0+ds/garmin_fs.h:125:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char subclass[22]{};
data/gpsbabel-1.7.0+ds/garmin_gpi.cc:157:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char S3[9];		/* "GRMRECnn" */
data/gpsbabel-1.7.0+ds/garmin_gpi.cc:159:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char POI[4];		/* "POI" */
data/gpsbabel-1.7.0+ds/garmin_gpi.cc:160:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char S8[3];
data/gpsbabel-1.7.0+ds/garmin_gpi.cc:344:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char stime[32];
data/gpsbabel-1.7.0+ds/garmin_gpi.cc:1541:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int sleep = atoi(opt_sleep);
data/gpsbabel-1.7.0+ds/garmin_tables.cc:580:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char res[3];
data/gpsbabel-1.7.0+ds/garmin_txt.cc:292:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char map[3], zonec;
data/gpsbabel-1.7.0+ds/garmin_txt.cc:376:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char tbuf[32];
data/gpsbabel-1.7.0+ds/garmin_txt.cc:755:9:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  fout->open(fname, QIODevice::WriteOnly, MYNAME, "Windows-1252");
data/gpsbabel-1.7.0+ds/garmin_txt.cc:761:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    precision = atoi(opt_precision);
data/gpsbabel-1.7.0+ds/garmin_txt.cc:797:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      utc_offs = atoi(opt_utc);
data/gpsbabel-1.7.0+ds/garmin_txt.cc:913:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buff[256];
data/gpsbabel-1.7.0+ds/garmin_txt.cc:1307:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      WAYPT_SET(wpt, course, atoi(str));
data/gpsbabel-1.7.0+ds/garmin_txt.cc:1322:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  fin->open(fname, QIODevice::ReadOnly, MYNAME, "Windows-1252");
data/gpsbabel-1.7.0+ds/garmin_xt.cc:91:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		trk_name[30]="";
data/gpsbabel-1.7.0+ds/garmin_xt.cc:97:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    method = atoi(opt_trk_header);
data/gpsbabel-1.7.0+ds/garmin_xt.cc:329:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char 	buf[3];
data/gpsbabel-1.7.0+ds/garmin_xt.cc:333:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    method = atoi(opt_trk_header);
data/gpsbabel-1.7.0+ds/gbfile.cc:75:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char openmode[32];
data/gpsbabel-1.7.0+ds/gbfile.cc:421:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(buf, self->handle.mem + self->mempos, count);
data/gpsbabel-1.7.0+ds/gbfile.cc:442:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(self->handle.mem + self->mempos, buf, count);
data/gpsbabel-1.7.0+ds/gbfile.cc:920:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[4];
data/gpsbabel-1.7.0+ds/gbfile.cc:939:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[2];
data/gpsbabel-1.7.0+ds/gbfile.cc:958:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[8];
data/gpsbabel-1.7.0+ds/gbfile.cc:973:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[4];
data/gpsbabel-1.7.0+ds/gbfile.cc:1009:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(result, str, len);
data/gpsbabel-1.7.0+ds/gbfile.cc:1057:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buff[8];
data/gpsbabel-1.7.0+ds/gbfile.cc:1108:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&result[len], buff, clen);
data/gpsbabel-1.7.0+ds/gbfile.cc:1186:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[2];
data/gpsbabel-1.7.0+ds/gbfile.cc:1203:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[4];
data/gpsbabel-1.7.0+ds/gbfile.cc:1220:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[8];
data/gpsbabel-1.7.0+ds/gbfile.cc:1233:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[4];
data/gpsbabel-1.7.0+ds/gbfile.cc:1278:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[1024];
data/gpsbabel-1.7.0+ds/gbser_posix.cc:42:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char   inbuf[BUFSIZE];
data/gpsbabel-1.7.0+ds/gbser_posix.cc:145:22:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  } else if (h->fd = open(port_name, O_RDWR | O_NOCTTY), h->fd == -1) {
data/gpsbabel-1.7.0+ds/gbser_posix.cc:263:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(cp, h->inbuf, count);
data/gpsbabel-1.7.0+ds/gbser_posix.cc:404:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if (fd = open(port_name, O_RDWR | O_NOCTTY), fd == -1) {
data/gpsbabel-1.7.0+ds/gbser_posix.cc:434:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char gb_com_buffer[100];
data/gpsbabel-1.7.0+ds/gbser_win.cc:38:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char   inbuf[BUFSIZE];
data/gpsbabel-1.7.0+ds/gbser_win.cc:168:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char gb_com_buffer[100];
data/gpsbabel-1.7.0+ds/gbser_win.cc:278:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(cp, h->inbuf, count);
data/gpsbabel-1.7.0+ds/gdb.cc:409:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[128];
data/gpsbabel-1.7.0+ds/gdb.cc:460:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[128];		/* used for temporary stuff */
data/gpsbabel-1.7.0+ds/gdb.cc:465:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char subclass[22];
data/gpsbabel-1.7.0+ds/gdb.cc:707:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char tbuf[128];
data/gpsbabel-1.7.0+ds/gdb.cc:734:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[128];
data/gpsbabel-1.7.0+ds/gdb.cc:1160:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buff[128], tbuff[32];
data/gpsbabel-1.7.0+ds/gdb.cc:1269:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char zbuf[32], ffbuf[32];
data/gpsbabel-1.7.0+ds/gdb.cc:1422:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char zbuf[32], ffbuf[32];
data/gpsbabel-1.7.0+ds/gdb.cc:1744:39:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  gdb_category = (gdb_opt_category) ? atoi(gdb_opt_category) : 0;
data/gpsbabel-1.7.0+ds/gdb.cc:1745:45:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  gdb_ver = (gdb_opt_ver && *gdb_opt_ver) ? atoi(gdb_opt_ver) : 0;
data/gpsbabel-1.7.0+ds/gdb.cc:1786:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    gdb_ver = atoi(gdb_opt_ver);
data/gpsbabel-1.7.0+ds/geo.cc:106:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  file.open(QIODevice::ReadOnly);
data/gpsbabel-1.7.0+ds/geojson.cc:38:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	ifd->open(QIODevice::ReadOnly | QIODevice::Text);
data/gpsbabel-1.7.0+ds/geojson.cc:45:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  ofd->open(QIODevice::WriteOnly);
data/gpsbabel-1.7.0+ds/ggv_bin.cc:483:13:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if (!file.open(QIODevice::ReadOnly)) {
data/gpsbabel-1.7.0+ds/ggv_log.cc:56:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char magic[32];
data/gpsbabel-1.7.0+ds/gnav_trl.cc:72:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[sizeof(float)];
data/gpsbabel-1.7.0+ds/gnav_trl.cc:80:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[sizeof(float)];
data/gpsbabel-1.7.0+ds/gopal.cc:174:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char tbuffer[64];
data/gpsbabel-1.7.0+ds/gpssim.cc:63:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  splitfiles = splitfiles_opt ? atoi(splitfiles_opt) : 0;
data/gpsbabel-1.7.0+ds/gpssim.cc:101:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char obuf[1024];
data/gpsbabel-1.7.0+ds/gpssim.cc:110:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char obuf[1024];
data/gpsbabel-1.7.0+ds/gpssim.cc:126:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tbuf[20];
data/gpsbabel-1.7.0+ds/gpsutil.cc:65:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char desc[31];
data/gpsbabel-1.7.0+ds/gpsutil.cc:70:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char icon[3];
data/gpsbabel-1.7.0+ds/gpx.cc:102:35:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  setshort_length(mkshort_handle, atoi(snlen));
data/gpsbabel-1.7.0+ds/gpx.cc:919:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  iqfile->open(QIODevice::ReadOnly);
data/gpsbabel-1.7.0+ds/gpx.cc:950:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  oqfile->open(QIODevice::WriteOnly | QIODevice::Text);
data/gpsbabel-1.7.0+ds/gpx.cc:1638:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  elevation_precision = atoi(opt_elevation_precision);
data/gpsbabel-1.7.0+ds/gtm.cc:67:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[2];
data/gpsbabel-1.7.0+ds/gtm.cc:125:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[1024];
data/gpsbabel-1.7.0+ds/gtrnctr.cc:44:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char gtc_sportlist[MAX_SPORTS][16] = { "Biking", "Running", "MultiSport", "Other" };
data/gpsbabel-1.7.0+ds/gtrnctr.cc:201:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  gtc_course_flag = atoi(opt_course);
data/gpsbabel-1.7.0+ds/gtrnctr.cc:505:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char cbuf[10];
data/gpsbabel-1.7.0+ds/gui/gpx.cc:218:13:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if (!file.open(QIODevice::ReadOnly)) {
data/gpsbabel-1.7.0+ds/gui/mainwindow.cc:1016:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    ftemp.open();
data/gpsbabel-1.7.0+ds/gui/map.cc:104:17:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if (dbgdata_->open(QFile::WriteOnly | QIODevice::Truncate)) {
data/gpsbabel-1.7.0+ds/gui/serial_win.cc:49:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char DevList[64*1024-1];  // a single byte more, and certain versions of windows
data/gpsbabel-1.7.0+ds/hiketech.cc:137:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char tbuf[80];
data/gpsbabel-1.7.0+ds/holux.cc:80:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char name[9];
data/gpsbabel-1.7.0+ds/holux.cc:81:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char desc[90];
data/gpsbabel-1.7.0+ds/holux.cc:153:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char strOut[MAX_STRINGLEN];
data/gpsbabel-1.7.0+ds/holux.cc:154:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char strTmp[MAX_STRINGLEN];
data/gpsbabel-1.7.0+ds/holux.cc:211:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(pWptHxTmp->name,"W%d",sIndex);
data/gpsbabel-1.7.0+ds/holux.h:79:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char name[8];				        /* wpt name  */
data/gpsbabel-1.7.0+ds/holux.h:80:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char comment[12];			        /* comment string */
data/gpsbabel-1.7.0+ds/holux.h:103:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char name[8];				         /* route name */
data/gpsbabel-1.7.0+ds/holux.h:104:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char comment[12];			         /* comment string */
data/gpsbabel-1.7.0+ds/humminbird.cc:74:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char     name[WPT_NAME_LEN];
data/gpsbabel-1.7.0+ds/humminbird.cc:87:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char     name[RTE_NAME_LEN];
data/gpsbabel-1.7.0+ds/humminbird.cc:109:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char     name[20];
data/gpsbabel-1.7.0+ds/humminbird.cc:148:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char name[WPT_NAME_LEN];
data/gpsbabel-1.7.0+ds/humminbird.cc:347:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char buff[10];
data/gpsbabel-1.7.0+ds/humminbird.cc:486:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char namebuf[TRK_NAME_LEN];
data/gpsbabel-1.7.0+ds/humminbird.cc:712:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&hum.name, CSTR(name), name.length());
data/gpsbabel-1.7.0+ds/igc.cc:47:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char manufacturer[4];
data/gpsbabel-1.7.0+ds/igc.cc:170:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char flight_date[7];
data/gpsbabel-1.7.0+ds/igc.cc:175:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char task_num[5];
data/gpsbabel-1.7.0+ds/igc.cc:176:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char task_desc[MAXRECLEN];
data/gpsbabel-1.7.0+ds/igc.cc:179:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char lat_hemi[2], lon_hemi[2];
data/gpsbabel-1.7.0+ds/igc.cc:180:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char short_name[8];
data/gpsbabel-1.7.0+ds/igc.cc:181:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char tmp_str[MAXRECLEN];
data/gpsbabel-1.7.0+ds/igc.cc:278:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char lat_hemi[2], lon_hemi[2];
data/gpsbabel-1.7.0+ds/igc.cc:291:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char tmp_str[20];
data/gpsbabel-1.7.0+ds/igc.cc:294:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char trk_desc[MAXDESCLEN + 1];
data/gpsbabel-1.7.0+ds/igc.cc:547:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char str[18] = "";
data/gpsbabel-1.7.0+ds/igc.cc:570:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char str[7] = "";
data/gpsbabel-1.7.0+ds/igc.cc:580:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char str[7] = "";
data/gpsbabel-1.7.0+ds/igc.cc:654:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char flight_date[7] = "000000";
data/gpsbabel-1.7.0+ds/igc.cc:655:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char task_desc[MAXRECLEN] = "";
data/gpsbabel-1.7.0+ds/ignrando.cc:210:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buff[32];
data/gpsbabel-1.7.0+ds/ignrando.cc:213:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    track_index = atoi(index_opt);
data/gpsbabel-1.7.0+ds/igo8.cc:276:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char header[IGO8_HEADER_SIZE] = {};
data/gpsbabel-1.7.0+ds/igo8.cc:295:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    tmp_id_block.track_number = atoi(igo8_option_tracknum);
data/gpsbabel-1.7.0+ds/inifile.cc:61:25:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  return QFile(inipath).open(QIODevice::ReadOnly) ? inipath : QString();
data/gpsbabel-1.7.0+ds/inifile.cc:71:23:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if (QFile(envstr).open(QIODevice::ReadOnly)) {
data/gpsbabel-1.7.0+ds/inifile.cc:186:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  file.open(QFile::ReadOnly);
data/gpsbabel-1.7.0+ds/itracku.cc:88:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char update_data_buffer[1024];
data/gpsbabel-1.7.0+ds/itracku.cc:157:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(buf, update_data_buffer_read, len);
data/gpsbabel-1.7.0+ds/itracku.cc:163:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(update_data_buffer, update_data_buffer_read, update_data_buffer_write - update_data_buffer_read);
data/gpsbabel-1.7.0+ds/itracku.cc:744:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char line[1024];
data/gpsbabel-1.7.0+ds/jeeps/garminusb.h:36:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char pkt_id[2];
data/gpsbabel-1.7.0+ds/jeeps/garminusb.h:39:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char datasz[4];
data/gpsbabel-1.7.0+ds/jeeps/garminusb.h:40:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char databuf[1]; /* actually an variable length array... */
data/gpsbabel-1.7.0+ds/jeeps/garminusb.h:42:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char dbuf[1024];
data/gpsbabel-1.7.0+ds/jeeps/gps.h:28:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern char gps_categories[16][17];
data/gpsbabel-1.7.0+ds/jeeps/gps.h:58:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char  desc[MAX_GPS_PACKET_SIZE];
data/gpsbabel-1.7.0+ds/jeeps/gps.h:101:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char     trk_ident[256];	/* Track identifier */
data/gpsbabel-1.7.0+ds/jeeps/gps.h:125:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char   ident[256];
data/gpsbabel-1.7.0+ds/jeeps/gps.h:128:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char   cmnt[256];
data/gpsbabel-1.7.0+ds/jeeps/gps.h:132:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char   wpt_ident[256];
data/gpsbabel-1.7.0+ds/jeeps/gps.h:133:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char   lnk_ident[256];
data/gpsbabel-1.7.0+ds/jeeps/gps.h:136:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char   cc[2];
data/gpsbabel-1.7.0+ds/jeeps/gps.h:140:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char   city[24];
data/gpsbabel-1.7.0+ds/jeeps/gps.h:141:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char   state[2];
data/gpsbabel-1.7.0+ds/jeeps/gps.h:142:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char   name[30];
data/gpsbabel-1.7.0+ds/jeeps/gps.h:143:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char   facility[32];
data/gpsbabel-1.7.0+ds/jeeps/gps.h:144:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char   addr[52];
data/gpsbabel-1.7.0+ds/jeeps/gps.h:145:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char   cross_road[52];
data/gpsbabel-1.7.0+ds/jeeps/gps.h:153:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char   rte_cmnt[20];
data/gpsbabel-1.7.0+ds/jeeps/gps.h:154:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char   rte_ident[256];
data/gpsbabel-1.7.0+ds/jeeps/gps.h:157:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char   rte_link_subclass[18];
data/gpsbabel-1.7.0+ds/jeeps/gps.h:158:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char   rte_link_ident[256];
data/gpsbabel-1.7.0+ds/jeeps/gps.h:198:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char      course_name[16];          /* Null-terminated unique course name */
data/gpsbabel-1.7.0+ds/jeeps/gps.h:221:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char        name[11];               /* Null-terminated name */
data/gpsbabel-1.7.0+ds/jeeps/gps.h:269:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern char   gps_save_string[GPS_ARB_LEN];
data/gpsbabel-1.7.0+ds/jeeps/gpsapp.cc:120:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char	gps_save_string[GPS_ARB_LEN];
data/gpsbabel-1.7.0+ds/jeeps/gpsapp.cc:2023:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char gps_categories[16][17];
data/gpsbabel-1.7.0+ds/jeeps/gpsapp.cc:4494:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf((*trk)->trk_ident, "%d", identifier);
data/gpsbabel-1.7.0+ds/jeeps/gpscom.cc:1238:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(ctk[n_ctk]->trk_ident, "%u", crs[new_crs]->track_index);
data/gpsbabel-1.7.0+ds/jeeps/gpsdevice.cc:87:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(packet->data, data, n);
data/gpsbabel-1.7.0+ds/jeeps/gpslibusb.cc:239:25:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static const unsigned char  oinit[12] =
data/gpsbabel-1.7.0+ds/jeeps/gpslibusb.cc:241:25:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static const unsigned char  oid[12] =
data/gpsbabel-1.7.0+ds/jeeps/gpslibusb.cc:339:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char drvnm[128];
data/gpsbabel-1.7.0+ds/jeeps/gpslibusb.cc:565:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      req_unit_number = atoi(portname + 4);
data/gpsbabel-1.7.0+ds/jeeps/gpsprot.cc:351:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char s[GPS_ARB_LEN];
data/gpsbabel-1.7.0+ds/jeeps/gpsprot.cc:375:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  (void)sprintf(s,"INIT: No table entry for ID %d\n",id);
data/gpsbabel-1.7.0+ds/jeeps/gpsprot.cc:395:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char s[GPS_ARB_LEN];
data/gpsbabel-1.7.0+ds/jeeps/gpsprot.cc:397:10:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  (void) sprintf(s,"PROTOCOL ERROR: Unknown tag/data [%c/%d]\n",tag,data);
data/gpsbabel-1.7.0+ds/jeeps/gpsserial.cc:76:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char msg[200];
data/gpsbabel-1.7.0+ds/jeeps/gpsserial.cc:347:18:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if ((psd->fd = open(port, O_RDWR))==-1) {
data/gpsbabel-1.7.0+ds/jeeps/gpsserial.cc:385:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char msg[200];
data/gpsbabel-1.7.0+ds/jeeps/gpsusbcommon.cc:215:25:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static const unsigned char  oid[12] =
data/gpsbabel-1.7.0+ds/jeeps/gpsusbcommon.cc:248:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static const char  oinit[12] =
data/gpsbabel-1.7.0+ds/jeeps/gpsusbread.cc:109:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(packet->data, &pkt.gusb_pkt.databuf, payload_size);
data/gpsbabel-1.7.0+ds/jeeps/gpsusbsend.cc:42:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&gp.gusb_pkt.databuf, packet.data, packet.n);
data/gpsbabel-1.7.0+ds/jeeps/gpsusbwin.cc:192:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char szTemp[MAX_PATH];
data/gpsbabel-1.7.0+ds/jeeps/gpsusbwin.cc:235:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      req_unit_number = atoi(pname+4);
data/gpsbabel-1.7.0+ds/jeeps/jgpsutil.cc:48:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char chars[sizeof(int32)];
data/gpsbabel-1.7.0+ds/jtr.cc:54:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      *milli = atoi(dot + 1) * 10;
data/gpsbabel-1.7.0+ds/jtr.cc:66:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  int dmy = atoi(str);
data/gpsbabel-1.7.0+ds/jtr.cc:111:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[32];
data/gpsbabel-1.7.0+ds/jtr.cc:265:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char scourse[6], sspeed[8];
data/gpsbabel-1.7.0+ds/kml.cc:397:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  oqfile->open(QIODevice::WriteOnly | QIODevice::Text);
data/gpsbabel-1.7.0+ds/kml.cc:412:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  max_position_points = atoi(opt_max_position_points);
data/gpsbabel-1.7.0+ds/kml.cc:840:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    if (atoi(opt_labels)) {
data/gpsbabel-1.7.0+ds/kml.cc:1754:16:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  line_width = atol(opt_line_width);
data/gpsbabel-1.7.0+ds/kml.cc:1755:15:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  precision = atol(opt_precision);
data/gpsbabel-1.7.0+ds/lowranceusr.cc:373:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  writing_version = atoi(opt_wversion);
data/gpsbabel-1.7.0+ds/lowranceusr.cc:1923:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    opt_serialnum_i = atoi(opt_serialnum);
data/gpsbabel-1.7.0+ds/maggeo.cc:236:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char obuf[4096];
data/gpsbabel-1.7.0+ds/maggeo.cc:296:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(obuf + strlen(obuf), ",%3.1f",
data/gpsbabel-1.7.0+ds/maggeo.cc:303:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(obuf + strlen(obuf), ",%3.1f",
data/gpsbabel-1.7.0+ds/magproto.cc:395:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char version[1024];
data/gpsbabel-1.7.0+ds/magproto.cc:437:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char ibuf[512];	/* oliskoli: corrupted data (I've seen descr with a lot
data/gpsbabel-1.7.0+ds/magproto.cc:637:20:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      static const char hex[17] = "0123456789ABCDEF";
data/gpsbabel-1.7.0+ds/magproto.cc:797:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    bitrate=atoi(bs);
data/gpsbabel-1.7.0+ds/magproto.cc:854:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    bitrate=atoi(bs);
data/gpsbabel-1.7.0+ds/magproto.cc:862:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    wptcmtcnt_max = atoi(cmts);
data/gpsbabel-1.7.0+ds/magproto.cc:944:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char ifield[20][100];
data/gpsbabel-1.7.0+ds/magproto.cc:997:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  int dmy = atoi(ifield[10]);
data/gpsbabel-1.7.0+ds/magproto.cc:1039:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char xbuf[100],next_stop[100],abuf[100];
data/gpsbabel-1.7.0+ds/magproto.cc:1206:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char shortname[100];
data/gpsbabel-1.7.0+ds/magproto.cc:1207:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char descr[256];
data/gpsbabel-1.7.0+ds/magproto.cc:1208:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char icon_token[100];
data/gpsbabel-1.7.0+ds/main.cc:87:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  file.open(QFile::ReadOnly);
data/gpsbabel-1.7.0+ds/mapasia.cc:89:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buff[TR7_S_SIZE];
data/gpsbabel-1.7.0+ds/mapasia.cc:212:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char buff[TR7_S_SIZE];
data/gpsbabel-1.7.0+ds/mapfactor.cc:79:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  file.open(QIODevice::ReadOnly);
data/gpsbabel-1.7.0+ds/mapfactor.cc:102:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  oqfile->open(QIODevice::WriteOnly | QIODevice::Text);
data/gpsbabel-1.7.0+ds/mapsend.cc:74:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int opt_trkver = atoi(mapsend_opt_trkver);
data/gpsbabel-1.7.0+ds/mapsend.cc:120:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char tbuf[256];
data/gpsbabel-1.7.0+ds/mapsend.cc:143:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(tbuf, "%c", wpt_icon + 'a');
data/gpsbabel-1.7.0+ds/mapsend.cc:145:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(tbuf, "a%c", wpt_icon - 26 + 'a');
data/gpsbabel-1.7.0+ds/mapsend.cc:184:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(tbuf, "%c", wpt_icon + 'a');
data/gpsbabel-1.7.0+ds/mapsend.cc:186:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(tbuf, "a%c", wpt_icon - 26 + 'a');
data/gpsbabel-1.7.0+ds/mapsend.cc:239:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[3];
data/gpsbabel-1.7.0+ds/mapsend.cc:253:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  mapsend_infile_version = atoi(buf);
data/gpsbabel-1.7.0+ds/mapsend.h:33:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char ms_signature[11];
data/gpsbabel-1.7.0+ds/mapsend.h:34:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char ms_version[2];
data/gpsbabel-1.7.0+ds/mapsend.h:36:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char _ms_type[3];
data/gpsbabel-1.7.0+ds/mkshort.cc:140:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tbuf[13];
data/gpsbabel-1.7.0+ds/mkshort.cc:145:14:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    int dl = sprintf(tbuf, ".%d", s->conflictctr);
data/gpsbabel-1.7.0+ds/mmo.cc:338:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[7];
data/gpsbabel-1.7.0+ds/mmo.cc:429:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[16];
data/gpsbabel-1.7.0+ds/mmo.cc:582:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char buf[16];
data/gpsbabel-1.7.0+ds/mmo.cc:737:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[28];
data/gpsbabel-1.7.0+ds/mmo.cc:781:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[24];
data/gpsbabel-1.7.0+ds/mtk_locus.cc:101:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char line[1000];
data/gpsbabel-1.7.0+ds/mtk_locus.cc:107:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char waiting_for[20];
data/gpsbabel-1.7.0+ds/mtk_locus.cc:226:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    baudrate = atoi(opt_baudrate);
data/gpsbabel-1.7.0+ds/mtk_locus.cc:344:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    last_loxsequence = atoi(strtok(nullptr, "*")) - 1;
data/gpsbabel-1.7.0+ds/mtk_locus.cc:360:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  int loxsequence = atoi(strtok(nullptr, ","));
data/gpsbabel-1.7.0+ds/mtk_locus.cc:453:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  int type = atoi(strtok(nullptr, ","));
data/gpsbabel-1.7.0+ds/mtk_locus.cc:460:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  printf("Mode:     0x%02X\n", atoi(strtok(nullptr, ",")));
data/gpsbabel-1.7.0+ds/mtk_locus.cc:466:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  int status = atoi(strtok(nullptr, ","));
data/gpsbabel-1.7.0+ds/mtk_locus.cc:484:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  switch (atoi(flag)) {
data/gpsbabel-1.7.0+ds/mtk_locus.cc:517:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char cmd[100];
data/gpsbabel-1.7.0+ds/mtk_logger.cc:118:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char LOG_RST[16] = {
data/gpsbabel-1.7.0+ds/mtk_logger.cc:247:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
const char LIVE_CHAR[4] = {'-', '\\','|','/'};
data/gpsbabel-1.7.0+ds/mtk_logger.cc:329:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char line[256];
data/gpsbabel-1.7.0+ds/mtk_logger.cc:505:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    log_status = atoi(lstatus);
data/gpsbabel-1.7.0+ds/mtk_logger.cc:536:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char cmd[256];
data/gpsbabel-1.7.0+ds/mtk_logger.cc:573:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    log_enabled = (atoi(fusage) & 2)?1:0;
data/gpsbabel-1.7.0+ds/mtk_logger.cc:809:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char spds[50];
data/gpsbabel-1.7.0+ds/mtk_logger.cc:815:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(spds, " when moving above %.0f km/h", mtk_info.speed/10.);
data/gpsbabel-1.7.0+ds/mtk_logger.cc:987:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char ts_str[30];
data/gpsbabel-1.7.0+ds/mtk_logger.cc:1081:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char sstr[40];
data/gpsbabel-1.7.0+ds/mtk_logger.cc:1088:17:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        slen += sprintf(&sstr[slen], "-%.2d", itm->sat_data[l].elevation);
data/gpsbabel-1.7.0+ds/mtk_logger.cc:1091:17:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        slen += sprintf(&sstr[slen], "-%.2d", itm->sat_data[l].azimut);
data/gpsbabel-1.7.0+ds/mtk_logger.cc:1094:17:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        slen += sprintf(&sstr[slen], "-%.2d", itm->sat_data[l].snr);
data/gpsbabel-1.7.0+ds/mtk_logger.cc:1118:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char hbuf[4];
data/gpsbabel-1.7.0+ds/mtk_logger.cc:1512:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char buf[512];
data/gpsbabel-1.7.0+ds/mynav.cc:127:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  stream.open(read_fname, QIODevice::ReadOnly, "mynav");
data/gpsbabel-1.7.0+ds/navicache.cc:181:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  file.open(QIODevice::ReadOnly);
data/gpsbabel-1.7.0+ds/naviguide.cc:38:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char pad1[6];      /* 0xff, 0xff, 0x01, 0x00, 0x06, 0x00 */
data/gpsbabel-1.7.0+ds/naviguide.cc:39:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char signature[9]; /* cWaypoint */
data/gpsbabel-1.7.0+ds/naviguide.cc:40:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char pad2[4];      /* 0x01, 0x00, 0x00, 0x00 */
data/gpsbabel-1.7.0+ds/naviguide.cc:45:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char pad1[8];   /*  0xfe, 0xff, 0xff, 0xff, 0x01, 0x00, 0x00, 0x00 */
data/gpsbabel-1.7.0+ds/naviguide.cc:49:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char pad2[2];  /* 0x01, 0x01 */
data/gpsbabel-1.7.0+ds/naviguide.cc:55:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char pad1[2]; /* 0x01, 0x80 */
data/gpsbabel-1.7.0+ds/naviguide.cc:57:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char pad2[2]; /* 0x00, 0x00 */
data/gpsbabel-1.7.0+ds/naviguide.cc:62:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char strName[255];
data/gpsbabel-1.7.0+ds/naviguide.cc:75:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char strComment[101];
data/gpsbabel-1.7.0+ds/naviguide.cc:86:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char temp_short_name[5];
data/gpsbabel-1.7.0+ds/naviguide.cc:131:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char z[50];
data/gpsbabel-1.7.0+ds/naviguide.cc:232:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char z[50];
data/gpsbabel-1.7.0+ds/naviguide.cc:249:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(temp_short_name, "A%03d", current_wp_ix);
data/gpsbabel-1.7.0+ds/navilink.cc:253:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(packet + 5, payload, length);
data/gpsbabel-1.7.0+ds/navilink.cc:273:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char buffer[2];
data/gpsbabel-1.7.0+ds/navilink.cc:336:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(payload, data + 1, maxlength);
data/gpsbabel-1.7.0+ds/navilink.cc:338:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(payload, data + 1, size - 1);
data/gpsbabel-1.7.0+ds/navilink.cc:470:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char  information[32];
data/gpsbabel-1.7.0+ds/navilink.cc:485:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char  payload[7];
data/gpsbabel-1.7.0+ds/navilink.cc:523:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char data[32];
data/gpsbabel-1.7.0+ds/navilink.cc:524:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char id[2];
data/gpsbabel-1.7.0+ds/navilink.cc:544:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char  information[32];
data/gpsbabel-1.7.0+ds/navilink.cc:559:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char  payload[7];
data/gpsbabel-1.7.0+ds/navilink.cc:586:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char  information[32];
data/gpsbabel-1.7.0+ds/navilink.cc:587:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char  data[7];
data/gpsbabel-1.7.0+ds/navilink.cc:642:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char information[32];
data/gpsbabel-1.7.0+ds/navilink.cc:652:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char payload[7];
data/gpsbabel-1.7.0+ds/navilink.cc:653:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char routedata[320];
data/gpsbabel-1.7.0+ds/navilink.cc:715:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char id[1];
data/gpsbabel-1.7.0+ds/navilink.cc:842:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char  info[16];
data/gpsbabel-1.7.0+ds/navilink.cc:876:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char  payload[7];
data/gpsbabel-1.7.0+ds/navilink.cc:881:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char  logpoints[MAX_READ_LOGPOINTS * SBP_RECORD_LEN];
data/gpsbabel-1.7.0+ds/navilink.cc:926:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char data[32];
data/gpsbabel-1.7.0+ds/navilink.cc:959:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char data[32];
data/gpsbabel-1.7.0+ds/navilink.cc:974:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char data[32];
data/gpsbabel-1.7.0+ds/navilink.cc:1005:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char information[32];
data/gpsbabel-1.7.0+ds/navilink.cc:1006:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char data[7];
data/gpsbabel-1.7.0+ds/navilink.cc:1022:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char data[4];
data/gpsbabel-1.7.0+ds/navilink.cc:1032:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char data[4];
data/gpsbabel-1.7.0+ds/netstumbler.cc:91:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char ssid[2 + 32 + 2 + 1];			/* "( " + SSID + " )" + null */
data/gpsbabel-1.7.0+ds/netstumbler.cc:92:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char mac[2 + 17 + 2 + 1];			/* "( " + MAC + " )" + null */
data/gpsbabel-1.7.0+ds/netstumbler.cc:194:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        speed = atoi(field) / 10;
data/gpsbabel-1.7.0+ds/netstumbler.cc:198:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        channel = atoi(field);
data/gpsbabel-1.7.0+ds/nmea.cc:304:35:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  setshort_length(mkshort_handle, atoi(snlenopt));
data/gpsbabel-1.7.0+ds/nmea.cc:738:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char coords[20] = {0};
data/gpsbabel-1.7.0+ds/nmea.cc:1050:40:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    if (!gbser_set_speed(gbser_handle, atoi(opt_baud))) {
data/gpsbabel-1.7.0+ds/nmea.cc:1071:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char ibuf[1024];
data/gpsbabel-1.7.0+ds/nmea.cc:1109:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char ibuf[1024];
data/gpsbabel-1.7.0+ds/nmea.cc:1167:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char obuf[200];
data/gpsbabel-1.7.0+ds/nmea.cc:1199:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char obuf[200];
data/gpsbabel-1.7.0+ds/nmn4.cc:188:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char city[128], street[128], zipc[32], number[32];
data/gpsbabel-1.7.0+ds/nmn4.cc:222:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    target_rte_num = atoi(index_opt);
data/gpsbabel-1.7.0+ds/ozi.cc:165:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  stream->open(fname, mode, MYNAME, opt_codec);
data/gpsbabel-1.7.0+ds/ozi.cc:467:37:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    setshort_length(mkshort_handle, atoi(snlenopt));
data/gpsbabel-1.7.0+ds/ozi.cc:470:46:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      setshort_whitespace_ok(mkshort_handle, atoi(snwhiteopt));
data/gpsbabel-1.7.0+ds/ozi.cc:474:42:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      setshort_mustupper(mkshort_handle, atoi(snupperopt));
data/gpsbabel-1.7.0+ds/ozi.cc:478:41:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      setshort_mustuniq(mkshort_handle, atoi(snuniqueopt));
data/gpsbabel-1.7.0+ds/parse.cc:166:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char map[3];
data/gpsbabel-1.7.0+ds/pcx.cc:143:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
          symnum = atoi(&ibuf[sym_col]);
data/gpsbabel-1.7.0+ds/pcx.cc:303:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    icon_token = atoi(deficon);
data/gpsbabel-1.7.0+ds/pocketfms_bc.cc:30:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		id[4];		  // 0x42 0x52 0x43 0x00 <=> "BRC"
data/gpsbabel-1.7.0+ds/qstarz_bl_1000.cc:289:13:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if (!file.open(QIODevice::ReadOnly)) {
data/gpsbabel-1.7.0+ds/radius.cc:115:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    maxct = atoi(maxctarg);
data/gpsbabel-1.7.0+ds/random.cc:85:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    generator->seed(atoi(opt_seed));
data/gpsbabel-1.7.0+ds/random.cc:207:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  int points = (opt_points) ? atoi(opt_points) : rand_int(128) + 1;
data/gpsbabel-1.7.0+ds/random.cc:246:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    realtime->points = atoi(opt_points);
data/gpsbabel-1.7.0+ds/raymarine.cc:183:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char sect[10];
data/gpsbabel-1.7.0+ds/raymarine.cc:232:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char sect[10];
data/gpsbabel-1.7.0+ds/raymarine.cc:246:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char buff[32];
data/gpsbabel-1.7.0+ds/saroute.cc:158:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(routename, record+0x1c, stringlen);
data/gpsbabel-1.7.0+ds/sbn.cc:65:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char start[4];
data/gpsbabel-1.7.0+ds/sbn.cc:112:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(payload, data + 1, size);
data/gpsbabel-1.7.0+ds/sbn.cc:149:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char username[INFO_USERNAME_LEN + 1];
data/gpsbabel-1.7.0+ds/sbn.cc:150:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char serial_num[INFO_SERIAL_NUM_LEN + 1];
data/gpsbabel-1.7.0+ds/sbn.cc:151:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char log_rate[INFO_LOG_RATE_LEN + 1];
data/gpsbabel-1.7.0+ds/sbn.cc:152:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char version[INFO_VERSION_LEN + 1];
data/gpsbabel-1.7.0+ds/sbn.cc:172:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char header[QRY_INFORMATION_LEN];
data/gpsbabel-1.7.0+ds/sbn.cc:259:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char buffer[SBN_RECORD_LEN];
data/gpsbabel-1.7.0+ds/sbp.cc:65:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char header[64];
data/gpsbabel-1.7.0+ds/sbp.cc:87:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char buffer[SBP_RECORD_LEN];
data/gpsbabel-1.7.0+ds/shape.cc:145:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char name[12];
data/gpsbabel-1.7.0+ds/skyforce.cc:82:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    *rte_num_out = atoi(str + 2);
data/gpsbabel-1.7.0+ds/skyforce.cc:92:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[15];
data/gpsbabel-1.7.0+ds/skyforce.cc:145:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[75];	/* long enough for all data types */
data/gpsbabel-1.7.0+ds/skytraq.cc:186:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char dump[16*3+16+2];
data/gpsbabel-1.7.0+ds/skytraq.cc:604:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  int week_rollover = atoi(opt_gps_week_rollover);
data/gpsbabel-1.7.0+ds/skytraq.cc:611:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  int override = atoi(opt_gps_utc_offset);
data/gpsbabel-1.7.0+ds/skytraq.cc:734:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char ts[4];
data/gpsbabel-1.7.0+ds/skytraq.cc:735:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char x[4];
data/gpsbabel-1.7.0+ds/skytraq.cc:736:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char y[4];
data/gpsbabel-1.7.0+ds/skytraq.cc:737:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char z[4];
data/gpsbabel-1.7.0+ds/skytraq.cc:741:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char dt[2]; /* big endian unsigned short */
data/gpsbabel-1.7.0+ds/skytraq.cc:742:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char dpos[4];
data/gpsbabel-1.7.0+ds/skytraq.cc:746:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char v_kmh[2];
data/gpsbabel-1.7.0+ds/skytraq.cc:747:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char ts[4];
data/gpsbabel-1.7.0+ds/skytraq.cc:748:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char lat[4];
data/gpsbabel-1.7.0+ds/skytraq.cc:749:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char lon[4];
data/gpsbabel-1.7.0+ds/skytraq.cc:750:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char alt[4];
data/gpsbabel-1.7.0+ds/skytraq.cc:754:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char type_and_speed[2];
data/gpsbabel-1.7.0+ds/skytraq.cc:1003:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  skytraq_set_baud(atoi(opt_dlbaud));
data/gpsbabel-1.7.0+ds/skytraq.cc:1075:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  int read_at_once = MAX(atoi(opt_read_at_once), 1);
data/gpsbabel-1.7.0+ds/skytraq.cc:1076:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  int opt_first_sector_val = atoi(opt_first_sector);
data/gpsbabel-1.7.0+ds/skytraq.cc:1077:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  int opt_last_sector_val = atoi(opt_last_sector);
data/gpsbabel-1.7.0+ds/skytraq.cc:1130:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      if (atoi(opt_read_at_once) == 0  ||  multi_read_supported == 0) {
data/gpsbabel-1.7.0+ds/skytraq.cc:1146:46:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
          read_at_once = MIN(read_at_once*2, atoi(opt_read_at_once));
data/gpsbabel-1.7.0+ds/skytraq.cc:1203:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  int initbaud = atoi(opt_initbaud);
data/gpsbabel-1.7.0+ds/skytraq.cc:1307:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[32];
data/gpsbabel-1.7.0+ds/skytraq.cc:1348:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  int dlbaud = atoi(opt_dlbaud);
data/gpsbabel-1.7.0+ds/skytraq.cc:1390:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  int opt_first_sector_val = atoi(opt_first_sector);
data/gpsbabel-1.7.0+ds/skytraq.cc:1391:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  int opt_last_sector_val = atoi(opt_last_sector);
data/gpsbabel-1.7.0+ds/src/core/file.h:39:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  bool open(OpenMode mode) override {
data/gpsbabel-1.7.0+ds/src/core/file.h:44:25:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        status = QFile::open(stdout, mode);
data/gpsbabel-1.7.0+ds/src/core/file.h:46:25:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        status = QFile::open(stdin, mode);
data/gpsbabel-1.7.0+ds/src/core/file.h:49:24:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
      status =  QFile::open(mode);
data/gpsbabel-1.7.0+ds/src/core/textstream.cc:32:18:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
void TextStream::open(const QString& fname, QIODevice::OpenMode mode, const char* module, const char* codec_name)
data/gpsbabel-1.7.0+ds/src/core/textstream.cc:41:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  file_->open(mode);
data/gpsbabel-1.7.0+ds/src/core/textstream.h:36:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  void open(const QString& fname, QIODevice::OpenMode mode, const char* module, const char* codec = "UTF-8");
data/gpsbabel-1.7.0+ds/src/core/ziparchive.cc:75:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if (!src.open(QIODevice::ReadOnly)) {
data/gpsbabel-1.7.0+ds/stackfilter.cc:112:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    swapdepth = atoi(opt_depth);
data/gpsbabel-1.7.0+ds/stmsdf.cc:594:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char tbuf[32];
data/gpsbabel-1.7.0+ds/stmsdf.cc:741:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    opt_route_index_value = atoi(opt_route_index);
data/gpsbabel-1.7.0+ds/stmsdf.cc:775:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char tbuf[32];
data/gpsbabel-1.7.0+ds/stmwpp.cc:225:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buff[64];
data/gpsbabel-1.7.0+ds/stmwpp.cc:289:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    track_index = atoi(index_opt);
data/gpsbabel-1.7.0+ds/teletype.cc:42:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char header[64];
data/gpsbabel-1.7.0+ds/tiger.cc:158:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char desc[101];
data/gpsbabel-1.7.0+ds/tiger.cc:159:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char icon[101];
data/gpsbabel-1.7.0+ds/tiger.cc:270:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  short_length = atoi(snlen);
data/gpsbabel-1.7.0+ds/tomtom.cc:136:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char latbuf[3];
data/gpsbabel-1.7.0+ds/tomtom.cc:137:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char lonbuf[3];
data/gpsbabel-1.7.0+ds/tomtom.cc:340:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char desc_field [256];
data/gpsbabel-1.7.0+ds/tpg.cc:102:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buff[MAXTPGSTRINGSIZE + 1];
data/gpsbabel-1.7.0+ds/tpg.cc:167:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char tbuf[64];
data/gpsbabel-1.7.0+ds/tpo.cc:261:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buff[16];
data/gpsbabel-1.7.0+ds/tpo.cc:603:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char rgb[7],bgr[7];
data/gpsbabel-1.7.0+ds/tpo.cc:631:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(rgb,"%02x%02x%02x",styles[track_style].color[0],styles[track_style].color[1],styles[track_style].color[2]);
data/gpsbabel-1.7.0+ds/tpo.cc:632:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(bgr,"%02x%02x%02x",styles[track_style].color[2],styles[track_style].color[1],styles[track_style].color[0]);
data/gpsbabel-1.7.0+ds/tpo.cc:1597:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char temp_buffer[8];
data/gpsbabel-1.7.0+ds/tpo.cc:1600:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char bounding_box[8] = { 0x00, 0x80, 0x00, 0x80, 0xFF, 0x7F, 0xFF, 0x7F };
data/gpsbabel-1.7.0+ds/tpo.cc:1753:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char file_footer_bytes[6];
data/gpsbabel-1.7.0+ds/trackfilter.cc:249:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char buff[128];
data/gpsbabel-1.7.0+ds/trackfilter.cc:276:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buff[128];
data/gpsbabel-1.7.0+ds/transform.cc:136:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    name_digits = atoi(rpt_name_digits);
data/gpsbabel-1.7.0+ds/unicsv.cc:233:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char sep[2];
data/gpsbabel-1.7.0+ds/unicsv.cc:291:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char sep[2];
data/gpsbabel-1.7.0+ds/unicsv.cc:348:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    res += atoi(opt_utc) * SECONDS_PER_HOUR;
data/gpsbabel-1.7.0+ds/unicsv.cc:464:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  fin->open(fname, QIODevice::ReadOnly, MYNAME, opt_codec);
data/gpsbabel-1.7.0+ds/unicsv.cc:492:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char bng_zone[3] = "";
data/gpsbabel-1.7.0+ds/unicsv.cc:1020:55:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      wpt->creation_time = wpt->creation_time.addSecs(atoi(opt_utc) * SECONDS_PER_HOUR);
data/gpsbabel-1.7.0+ds/unicsv.cc:1035:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char bngz[3];
data/gpsbabel-1.7.0+ds/unicsv.cc:1145:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    dt = dt.addSecs(atoi(opt_utc) * SECONDS_PER_HOUR);
data/gpsbabel-1.7.0+ds/unicsv.cc:1350:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char map[3];
data/gpsbabel-1.7.0+ds/unicsv.cc:1545:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        dt = dt.addSecs(atoi(opt_utc) * SECONDS_PER_HOUR);
data/gpsbabel-1.7.0+ds/unicsv.cc:1560:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        t = t.addSecs(atoi(opt_utc) * SECONDS_PER_HOUR);
data/gpsbabel-1.7.0+ds/unicsv.cc:1718:9:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  fout->open(fname, QIODevice::WriteOnly, MYNAME, opt_codec);
data/gpsbabel-1.7.0+ds/unicsv.cc:1753:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  llprec = atoi(opt_prec);
data/gpsbabel-1.7.0+ds/unicsv.h:205:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char unicsv_outp_flags[(fld_terminator + 8) / 8] {};
data/gpsbabel-1.7.0+ds/util.cc:130:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(newstr, str, newlen);
data/gpsbabel-1.7.0+ds/util.cc:207:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  return fopen(qPrintable(fname), mode);
data/gpsbabel-1.7.0+ds/util.cc:541:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buff[128];
data/gpsbabel-1.7.0+ds/util.cc:636:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dest, src, 8);
data/gpsbabel-1.7.0+ds/util.cc:856:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char r[8];
data/gpsbabel-1.7.0+ds/util.cc:870:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&ret, p + 4, 4);
data/gpsbabel-1.7.0+ds/util.cc:871:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(((void*)&ret) + 4, p, 4);
data/gpsbabel-1.7.0+ds/util.cc:873:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&ret, p, 8);
data/gpsbabel-1.7.0+ds/util.cc:883:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char r[4];
data/gpsbabel-1.7.0+ds/util.cc:895:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&ret, p, 4);
data/gpsbabel-1.7.0+ds/util.cc:905:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char r[8];
data/gpsbabel-1.7.0+ds/util.cc:906:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(r + 4, &value, 4);
data/gpsbabel-1.7.0+ds/util.cc:907:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(r, ((void*)&value) + 4, 4);
data/gpsbabel-1.7.0+ds/util.cc:914:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ptr, r, 8);
data/gpsbabel-1.7.0+ds/util.cc:929:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ptr, &value, 4);
data/gpsbabel-1.7.0+ds/util.cc:1021:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(d, s, len);
data/gpsbabel-1.7.0+ds/util.cc:1050:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(o + ooffs, src, c - src);
data/gpsbabel-1.7.0+ds/util.cc:1054:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(o + ooffs, replace, rlen);
data/gpsbabel-1.7.0+ds/util.cc:1060:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(o + ooffs, src, olen - ooffs);
data/gpsbabel-1.7.0+ds/util.cc:1134:11:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
          strcat(cout, "%y");
data/gpsbabel-1.7.0+ds/util.cc:1146:11:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
          strcat(cout, "%m");
data/gpsbabel-1.7.0+ds/util.cc:1154:11:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
          strcat(cout, "%d");
data/gpsbabel-1.7.0+ds/util.cc:1194:11:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
          strcat(cout, "%S");
data/gpsbabel-1.7.0+ds/util.cc:1203:11:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
          strcat(cout, "%M");
data/gpsbabel-1.7.0+ds/util.cc:1211:11:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
          strcat(cout, "%l");	/* 1 .. 12 */
data/gpsbabel-1.7.0+ds/util.cc:1221:11:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
          strcat(cout, "%k");
data/gpsbabel-1.7.0+ds/util.cc:1231:11:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
          strcat(cout, "%P");
data/gpsbabel-1.7.0+ds/util.cc:1241:11:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
          strcat(cout, "%p");
data/gpsbabel-1.7.0+ds/util.cc:1416:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char tag[8];
data/gpsbabel-1.7.0+ds/util.cc:1577:15:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      elen += sprintf(tmpsub, "&#x%x;", value) - bytes;
data/gpsbabel-1.7.0+ds/util.cc:1623:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(p, "&#x%x;", value);
data/gpsbabel-1.7.0+ds/v900.cc:84:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char index[6];          /* record number */
data/gpsbabel-1.7.0+ds/v900.cc:88:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char date[6];           /* YYMMDD. YY=09 is 2009. */
data/gpsbabel-1.7.0+ds/v900.cc:90:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char time[6];           /* HHMMSS */
data/gpsbabel-1.7.0+ds/v900.cc:92:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char latitude_num[9];   /* example: "31.768380" */
data/gpsbabel-1.7.0+ds/v900.cc:95:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char longitude_num[10]; /* example: "035.209656" */
data/gpsbabel-1.7.0+ds/v900.cc:98:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char height[5];         /* Altitude in meters.
data/gpsbabel-1.7.0+ds/v900.cc:101:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char speed[4];          /* speed in km/h. no decimal point. */
data/gpsbabel-1.7.0+ds/v900.cc:103:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char heading[3];        /* heading in degrees */
data/gpsbabel-1.7.0+ds/v900.cc:113:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char fixmode[2]; /* "2D" or "3D" */
data/gpsbabel-1.7.0+ds/v900.cc:115:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char valid[4];   /* "SPS " or "DGPS" */
data/gpsbabel-1.7.0+ds/v900.cc:117:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char pdop[5];
data/gpsbabel-1.7.0+ds/v900.cc:119:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char hdop[5];
data/gpsbabel-1.7.0+ds/v900.cc:121:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char vdop[5];
data/gpsbabel-1.7.0+ds/v900.cc:123:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char vox[9];     /* voicetag recorded */
data/gpsbabel-1.7.0+ds/v900.cc:134:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char vox[9];    /* voicetag recorded */
data/gpsbabel-1.7.0+ds/v900.cc:208:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char text[200]; /* used to read the header line, which is normal text */
data/gpsbabel-1.7.0+ds/v900.cc:310:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    wpt->altitude = atoi(line.bas.common.height);
data/gpsbabel-1.7.0+ds/v900.cc:314:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      int date = atoi(line.bas.common.date);
data/gpsbabel-1.7.0+ds/v900.cc:315:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      int time = atoi(line.bas.common.time);
data/gpsbabel-1.7.0+ds/v900.cc:319:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    wpt->speed = KPH_TO_MPS(atoi(line.bas.common.speed));
data/gpsbabel-1.7.0+ds/v900.cc:322:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    wpt->course = atoi(line.bas.common.heading);
data/gpsbabel-1.7.0+ds/v900.cc:353:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char vox_file_name[sizeof(line.adv.vox)+5];
data/gpsbabel-1.7.0+ds/v900.cc:357:9:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
        strcat(vox_file_name,".WAV");
data/gpsbabel-1.7.0+ds/vidaone.cc:63:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  vidaone_ver = atoi(vidaone_opt_ver);
data/gpsbabel-1.7.0+ds/vidaone.cc:105:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  vidaone_ver = atoi(vidaone_opt_ver);
data/gpsbabel-1.7.0+ds/vitosmt.cc:50:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char result[9]="\0\0\0\0\0\0\0\0";
data/gpsbabel-1.7.0+ds/vitosmt.cc:52:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(ptr, result, 8);
data/gpsbabel-1.7.0+ds/wbt-200.cc:190:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(bp, buf_CHUNK_PTR(h->current, h->offset), avail);
data/gpsbabel-1.7.0+ds/wbt-200.cc:255:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy((char*) buf_CHUNK_PTR(h->tail, h->tail->used), bp, avail);
data/gpsbabel-1.7.0+ds/wbt-200.cc:491:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[80];
data/gpsbabel-1.7.0+ds/wbt-200.cc:492:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  return atoi(get_param(cmd, buf, sizeof(buf)));
data/gpsbabel-1.7.0+ds/wbt-200.cc:497:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[80];
data/gpsbabel-1.7.0+ds/wbt-200.cc:539:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char     wp_name[20];
data/gpsbabel-1.7.0+ds/wbt-200.cc:610:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[RECLEN_MAX];
data/gpsbabel-1.7.0+ds/wbt-200.cc:646:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[RECLEN_MAX];
data/gpsbabel-1.7.0+ds/wbt-200.cc:679:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[512];
data/gpsbabel-1.7.0+ds/wbt-200.cc:703:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char                line_buf[100];
data/gpsbabel-1.7.0+ds/wbt-200.cc:765:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(line_buf, "$PFST,REMOVEFILE,%d", f);
data/gpsbabel-1.7.0+ds/wbt-200.cc:770:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(line_buf, "$PFST,FFSRECLAIM,%d", f);
data/gpsbabel-1.7.0+ds/wbt-200.cc:842:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[RECLEN_WBT201];
data/gpsbabel-1.7.0+ds/wbt-200.cc:854:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char cmd_buf[30];
data/gpsbabel-1.7.0+ds/wbt-200.cc:855:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char line_buf[100];
data/gpsbabel-1.7.0+ds/wbt-200.cc:870:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(cmd_buf, "@AL,5,3,%u", pos);
data/gpsbabel-1.7.0+ds/wbt-200.cc:912:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char                line_buf[100];
data/gpsbabel-1.7.0+ds/wbt-200.cc:981:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char                buf[512];
data/gpsbabel-1.7.0+ds/wfff_xml.cc:152:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		desc[255]	="\0";
data/gpsbabel-1.7.0+ds/xcsv.cc:339:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char tbuff[1024];
data/gpsbabel-1.7.0+ds/xcsv.cc:535:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    parse_data->utm_zone = atoi(s);
data/gpsbabel-1.7.0+ds/xcsv.cc:541:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    parse_data->utm_zone = atoi(s);
data/gpsbabel-1.7.0+ds/xcsv.cc:720:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    wpt->sat = atoi(s);
data/gpsbabel-1.7.0+ds/xcsv.cc:723:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    wpt->fix = (fix_type)(atoi(s)-(fix_type)1);
data/gpsbabel-1.7.0+ds/xcsv.cc:741:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    parse_data->new_track = atoi(s);
data/gpsbabel-1.7.0+ds/xcsv.cc:758:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    wpt->heartrate = atoi(s);
data/gpsbabel-1.7.0+ds/xcsv.cc:761:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    wpt->cadence = atoi(s);
data/gpsbabel-1.7.0+ds/xcsv.cc:1064:75:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      buff = QString::asprintf(fmp.printfc.constData(), waypt_out_count + atoi(fmp.val.constData()));
data/gpsbabel-1.7.0+ds/xcsv.cc:1218:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char map[3];
data/gpsbabel-1.7.0+ds/xcsv.cc:1227:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char tbuf[100];
data/gpsbabel-1.7.0+ds/xcsv.cc:1246:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char tbuf[10];
data/gpsbabel-1.7.0+ds/xcsv.cc:1901:23:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    xcsv_file->stream.open(fname, QIODevice::ReadOnly, MYNAME);
data/gpsbabel-1.7.0+ds/xcsv.cc:1903:23:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    xcsv_file->stream.open(fname, QIODevice::ReadOnly, MYNAME, CSTR(xcsv_style->codecname));
data/gpsbabel-1.7.0+ds/xcsv.cc:1950:23:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    xcsv_file->stream.open(fname, QIODevice::WriteOnly | QIODevice::Text, MYNAME);
data/gpsbabel-1.7.0+ds/xcsv.cc:1952:23:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    xcsv_file->stream.open(fname, QIODevice::WriteOnly | QIODevice::Text, MYNAME, CSTR(xcsv_style->codecname));
data/gpsbabel-1.7.0+ds/xcsv.cc:1967:50:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      setshort_length(xcsv_file->mkshort_handle, atoi(snlenopt));
data/gpsbabel-1.7.0+ds/xcsv.cc:1971:57:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      setshort_whitespace_ok(xcsv_file->mkshort_handle, atoi(snwhiteopt));
data/gpsbabel-1.7.0+ds/xcsv.cc:1975:53:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      setshort_mustupper(xcsv_file->mkshort_handle, atoi(snupperopt));
data/gpsbabel-1.7.0+ds/xcsv.cc:1979:52:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      setshort_mustuniq(xcsv_file->mkshort_handle, atoi(snuniqueopt));
data/gpsbabel-1.7.0+ds/xmlgeneric.cc:249:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  file.open(QIODevice::ReadOnly);
data/gpsbabel-1.7.0+ds/xol.cc:160:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  oqfile->open(QIODevice::WriteOnly | QIODevice::Text);
data/gpsbabel-1.7.0+ds/alan.cc:439:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    j = strlen(dest);
data/gpsbabel-1.7.0+ds/alan.cc:815:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(trkhdr[idx].name, CSTRc(TL->rte_name), TRK_NAME_LEN - 1);
data/gpsbabel-1.7.0+ds/alan.cc:823:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(trkhdr[idx].comment, CSTRc(TL->rte_desc), TRK_COMMENT_LEN - 1);
data/gpsbabel-1.7.0+ds/alan.cc:824:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int l = strlen(CSTRc(TL->rte_desc));
data/gpsbabel-1.7.0+ds/an1.cc:331:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (len != strlen(wpt->name)) {
data/gpsbabel-1.7.0+ds/an1.cc:334:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    char* ofs = wpt->name + strlen(wpt->name) + 1;
data/gpsbabel-1.7.0+ds/an1.cc:415:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  short len = strlen(wpt->name) + 1 + 2 + 2 +
data/gpsbabel-1.7.0+ds/an1.cc:416:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
              (wpt->url ? strlen(wpt->url) : 0) + 2 +
data/gpsbabel-1.7.0+ds/an1.cc:417:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
              (wpt->comment ? strlen(wpt->comment) : 0) + 8 + 8;
data/gpsbabel-1.7.0+ds/an1.cc:425:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    WriteShort(f, strlen(wpt->url));
data/gpsbabel-1.7.0+ds/an1.cc:432:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    WriteShort(f, strlen(wpt->comment));
data/gpsbabel-1.7.0+ds/an1.cc:445:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = 2 + (wpt->fontname ? strlen(wpt->fontname) : 0) +
data/gpsbabel-1.7.0+ds/an1.cc:446:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          2 + (wpt->image_name ? strlen(wpt->image_name) : 0);
data/gpsbabel-1.7.0+ds/an1.cc:449:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      len = strlen(wpt->fontname);
data/gpsbabel-1.7.0+ds/an1.cc:456:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      len = strlen(wpt->image_name);
data/gpsbabel-1.7.0+ds/an1.cc:463:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen(wpt->fontname);
data/gpsbabel-1.7.0+ds/an1.cc:527:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  short len = strlen(line->name);
data/gpsbabel-1.7.0+ds/arcdist.cc:145:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if (argsfound != 2 && strspn(line, " \t\n") < strlen(line)) {
data/gpsbabel-1.7.0+ds/bushnell.cc:236:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy(tbuf, CSTRc(wpt->shortname), sizeof(tbuf) - 1);
data/gpsbabel-1.7.0+ds/cet.cc:204:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    return cet_utf8_strndup(str, strlen(str));
data/gpsbabel-1.7.0+ds/compegps.cc:129:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy(month, c+3, 3);
data/gpsbabel-1.7.0+ds/compegps.cc:178:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        cx = c + strlen(c) - 1;		/* trim trailing underscores */
data/gpsbabel-1.7.0+ds/compegps.cc:399:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(cin) == 0) {
data/gpsbabel-1.7.0+ds/compegps.cc:559:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). Risk is low because the source is a
  constant string.
    strncpy(buff, "01-JAN-70 00:00:00", sizeof(buff));
data/gpsbabel-1.7.0+ds/cst.cc:77:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len = strlen(str);
data/gpsbabel-1.7.0+ds/cst.cc:107:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        res = dest = (char*) xcalloc(strlen(src) + (2*i) + 1, 1);
data/gpsbabel-1.7.0+ds/cst.cc:110:13:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
            strncpy(dest, src, c - src);
data/gpsbabel-1.7.0+ds/cst.cc:115:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          dest = res + strlen(res);
data/gpsbabel-1.7.0+ds/cst.cc:167:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(cin) == 0) {
data/gpsbabel-1.7.0+ds/cst.cc:245:21:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
          if ((2 != sscanf(cin, "%d %128s", &i, name)) ||
data/gpsbabel-1.7.0+ds/csv_util.cc:67:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!strlen(string)) {
data/gpsbabel-1.7.0+ds/csv_util.cc:74:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    elen = strlen(enclosure);
data/gpsbabel-1.7.0+ds/csv_util.cc:77:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char* p2 = tmp + strlen(tmp) - 1;
data/gpsbabel-1.7.0+ds/csv_util.cc:260:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    dlen = strlen(delimited_by);
data/gpsbabel-1.7.0+ds/csv_util.cc:263:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    elen = strlen(enclosed_in);
data/gpsbabel-1.7.0+ds/csv_util.cc:298:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy(tmp, sp, (p - sp));
data/gpsbabel-1.7.0+ds/csv_util.cc:695:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char* subformat = (char*) xmalloc(strlen(format)+2);
data/gpsbabel-1.7.0+ds/csv_util.cc:744:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    formatptr += strlen(subformat);
data/gpsbabel-1.7.0+ds/defs.h:1050:11:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  ff_read read;
data/gpsbabel-1.7.0+ds/deprecated/cetus.cc:272:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(descr, c, TRACK_POINT_SIZE);
data/gpsbabel-1.7.0+ds/deprecated/cetus.cc:276:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(temp_descr, c, TRACK_POINT_SIZE);
data/gpsbabel-1.7.0+ds/deprecated/cetus.cc:278:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (strlen(descr) > 0) {
data/gpsbabel-1.7.0+ds/deprecated/cetus.cc:376:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    vdata = vdata + strlen(vdata) + 1;
data/gpsbabel-1.7.0+ds/deprecated/cetus.cc:379:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    vdata = vdata + strlen(vdata) + 1;
data/gpsbabel-1.7.0+ds/deprecated/cetus.cc:491:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(vdata, sn, 16);
data/gpsbabel-1.7.0+ds/deprecated/cetus.cc:497:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  vdata += strlen(vdata) + 1;
data/gpsbabel-1.7.0+ds/deprecated/cetus.cc:547:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int left = DESCSZ - strlen(vdata);
data/gpsbabel-1.7.0+ds/deprecated/cetus.cc:548:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int ilen = strlen(wpt->icon_descr.toUtf8().data());
data/gpsbabel-1.7.0+ds/deprecated/cetus.cc:552:7:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
      strcat(vdata, ")");
data/gpsbabel-1.7.0+ds/deprecated/cetus.cc:555:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  vdata += strlen(vdata) + 1;
data/gpsbabel-1.7.0+ds/deprecated/cetus.cc:560:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(vdata, hint, NOTESZ + 1) ;
data/gpsbabel-1.7.0+ds/deprecated/cetus.cc:567:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  vdata += strlen(vdata) + 1;
data/gpsbabel-1.7.0+ds/deprecated/cetus.cc:602:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(file_out->name, dbname, PDB_DBNAMELEN);
data/gpsbabel-1.7.0+ds/deprecated/cetus.cc:604:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(file_out->name, out_fname, PDB_DBNAMELEN);
data/gpsbabel-1.7.0+ds/deprecated/copilot.cc:112:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  vdata = vdata + strlen(vdata) + 1;
data/gpsbabel-1.7.0+ds/deprecated/copilot.cc:115:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  vdata = vdata + strlen(vdata) + 1;
data/gpsbabel-1.7.0+ds/deprecated/copilot.cc:141:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  vdata = vdata + strlen(vdata) + 1;
data/gpsbabel-1.7.0+ds/deprecated/copilot.cc:144:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  vdata = vdata + strlen(vdata) + 1;
data/gpsbabel-1.7.0+ds/deprecated/copilot.cc:170:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  vdata = vdata + strlen(vdata) + 1;
data/gpsbabel-1.7.0+ds/deprecated/copilot.cc:173:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  vdata = vdata + strlen(vdata) + 1;
data/gpsbabel-1.7.0+ds/deprecated/copilot.cc:199:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  vdata = vdata + strlen(vdata) + 1;
data/gpsbabel-1.7.0+ds/deprecated/copilot.cc:202:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  vdata = vdata + strlen(vdata) + 1;
data/gpsbabel-1.7.0+ds/deprecated/copilot.cc:264:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(vdata, wpt->shortname, 10);
data/gpsbabel-1.7.0+ds/deprecated/copilot.cc:269:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  vdata += strlen(vdata) + 1;
data/gpsbabel-1.7.0+ds/deprecated/copilot.cc:271:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(vdata, wpt->description, 100);
data/gpsbabel-1.7.0+ds/deprecated/copilot.cc:276:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  vdata += strlen(vdata) + 1;
data/gpsbabel-1.7.0+ds/deprecated/copilot.cc:279:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(vdata, wpt->notes, 1000);
data/gpsbabel-1.7.0+ds/deprecated/copilot.cc:284:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  vdata += strlen(vdata) + 1;
data/gpsbabel-1.7.0+ds/deprecated/copilot.cc:294:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy(file_out->name, out_fname, PDB_DBNAMELEN);
data/gpsbabel-1.7.0+ds/deprecated/coto.cc:160:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(buff, app->categories[category], sizeof(buff) - 1);
data/gpsbabel-1.7.0+ds/deprecated/coto.cc:325:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). Risk is low because the source is a
  constant string.
  strncpy(file_out->name, "cotoGPS MarkerDB", PDB_DBNAMELEN);
data/gpsbabel-1.7.0+ds/deprecated/coto.cc:333:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(ai->categories[0], zerocat, 16);
data/gpsbabel-1.7.0+ds/deprecated/coto.cc:335:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). Risk is low because the source is a
  constant string.
    strncpy(ai->categories[0], "Not Assigned", 16);  // FIXME: Replace by default English Palm 'Not Assigned' category
data/gpsbabel-1.7.0+ds/deprecated/coto.cc:361:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((wpt->description) && ((strlen(wpt->description) > MAX_MARKER_NAME_LENGTH) || (strcmp(wpt->description, wpt->shortname)))) {
data/gpsbabel-1.7.0+ds/deprecated/coto.cc:363:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      notes = (char*) xcalloc(strlen(wpt->description) + strlen(wpt->notes) + 9, 1);
data/gpsbabel-1.7.0+ds/deprecated/coto.cc:363:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      notes = (char*) xcalloc(strlen(wpt->description) + strlen(wpt->notes) + 9, 1);
data/gpsbabel-1.7.0+ds/deprecated/coto.cc:374:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size += strlen(notes);
data/gpsbabel-1.7.0+ds/deprecated/coto.cc:380:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy(rec->name, shortname, MAX_MARKER_NAME_LENGTH);
data/gpsbabel-1.7.0+ds/deprecated/delbin.cc:1330:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const unsigned name_size = strlen(name) + 1;
data/gpsbabel-1.7.0+ds/deprecated/delbin.cc:1403:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      notes_size = strlen(notes) + 1;
data/gpsbabel-1.7.0+ds/deprecated/delbin.cc:1422:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  name_size = strlen(CSTRc(name)) + 1;
data/gpsbabel-1.7.0+ds/deprecated/delbin.cc:1806:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    comment_size = strlen(CSTRc(track->rte_desc)) + 1;
data/gpsbabel-1.7.0+ds/deprecated/delbin.cc:1812:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(p->name, CSTRc(track->rte_name), sizeof(p->name) - 1);
data/gpsbabel-1.7.0+ds/deprecated/delbin.cc:2147:7:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
      strncpy(p->name, CSTRc(wp->shortname), sizeof(p->name) - 1);
data/gpsbabel-1.7.0+ds/deprecated/delbin.cc:2209:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(p->name, CSTRc(route->rte_name), sizeof(p->name) - 1);
data/gpsbabel-1.7.0+ds/deprecated/delbin.cc:2960:11:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  int n = read(fd_hidraw, buf, delbin_os_packet_size);
data/gpsbabel-1.7.0+ds/deprecated/delbin.cc:3367:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(last_name, name, sizeof(last_name));
data/gpsbabel-1.7.0+ds/deprecated/gcdb.cc:194:1:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
strncpy(rec->dbfld[rec_cnt].fldname, fldname, 4);
data/gpsbabel-1.7.0+ds/deprecated/gcdb.cc:198:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = 1 + strlen((const char*)data);
data/gpsbabel-1.7.0+ds/deprecated/gcdb.cc:285:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy(file_out->name, out_fname, PDB_DBNAMELEN);
data/gpsbabel-1.7.0+ds/deprecated/gcdb.cc:286:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). Risk is low because the source is a
  constant string.
  strncpy(file_out->name, "GeocachingDB", PDB_DBNAMELEN);
data/gpsbabel-1.7.0+ds/deprecated/geoniche.cc:78:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(gid) != 6) {
data/gpsbabel-1.7.0+ds/deprecated/geoniche.cc:580:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  buf = d = (char*) xmalloc(strlen(s) * 2 + 1);
data/gpsbabel-1.7.0+ds/deprecated/geoniche.cc:818:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(file_out->name, Arg_dbname, PDB_DBNAMELEN);
data/gpsbabel-1.7.0+ds/deprecated/geoniche.cc:820:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(file_out->name, FilenameOut, PDB_DBNAMELEN);
data/gpsbabel-1.7.0+ds/deprecated/google.cc:254:27:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  QString preamble = tstr.read(256);
data/gpsbabel-1.7.0+ds/deprecated/google.cc:391:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
              memmove(end, end+1, strlen(end)+1);
data/gpsbabel-1.7.0+ds/deprecated/google.cc:400:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                memmove(end, end+1, strlen(end)+1);
data/gpsbabel-1.7.0+ds/deprecated/google.cc:502:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            fwrite(panel, sizeof(char), strlen(panel), foo);
data/gpsbabel-1.7.0+ds/deprecated/gpilots.cc:249:67:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      wpt_tmp->description = xstrndupt(rec->wpt.d108.varlenstrs + strlen(wpt_tmp->shortname) + 1, 50);
data/gpsbabel-1.7.0+ds/deprecated/gpilots.cc:292:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
              track_head->rte_name = (char*) xmalloc(strlen(trk_name)+strlen(trk_seg_num_buf)+3);
data/gpsbabel-1.7.0+ds/deprecated/gpilots.cc:292:71:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
              track_head->rte_name = (char*) xmalloc(strlen(trk_name)+strlen(trk_seg_num_buf)+3);
data/gpsbabel-1.7.0+ds/deprecated/gpilots.cc:336:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
              track_head->rte_name = (char*) xmalloc(strlen(trk_name)+strlen(trk_seg_num_buf)+3);
data/gpsbabel-1.7.0+ds/deprecated/gpilots.cc:336:71:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
              track_head->rte_name = (char*) xmalloc(strlen(trk_name)+strlen(trk_seg_num_buf)+3);
data/gpsbabel-1.7.0+ds/deprecated/gpilots.cc:385:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy(rec->wpt.d103.ident, wpt->shortname, sizeof(rec->wpt.d103.ident));
data/gpsbabel-1.7.0+ds/deprecated/gpilots.cc:386:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy(rec->wpt.d103.cmnt, wpt->description, sizeof(rec->wpt.d103.cmnt));
data/gpsbabel-1.7.0+ds/deprecated/gpilots.cc:401:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(file_out->name, dbname, PDB_DBNAMELEN);
data/gpsbabel-1.7.0+ds/deprecated/gpilots.cc:403:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(file_out->name, out_fname, PDB_DBNAMELEN);
data/gpsbabel-1.7.0+ds/deprecated/gpspilot.cc:147:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    vdata = vdata + strlen(vdata) + 1;
data/gpsbabel-1.7.0+ds/deprecated/gpspilot.cc:150:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    vdata = vdata + strlen(vdata) + 1;
data/gpsbabel-1.7.0+ds/deprecated/gpspilot.cc:175:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(vdata, wpt->description, 36);
data/gpsbabel-1.7.0+ds/deprecated/gpspilot.cc:180:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  vdata += strlen(vdata) + 1;
data/gpsbabel-1.7.0+ds/deprecated/gpspilot.cc:182:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(vdata, wpt->shortname, 9);
data/gpsbabel-1.7.0+ds/deprecated/gpspilot.cc:187:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  vdata += strlen(vdata) + 1;
data/gpsbabel-1.7.0+ds/deprecated/gpspilot.cc:190:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(vdata, wpt->notes, 161);
data/gpsbabel-1.7.0+ds/deprecated/gpspilot.cc:195:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  vdata += strlen(vdata) + 1;
data/gpsbabel-1.7.0+ds/deprecated/gpspilot.cc:206:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(file_out->name, dbname, PDB_DBNAMELEN);
data/gpsbabel-1.7.0+ds/deprecated/gpspilot.cc:208:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(file_out->name, out_fname, PDB_DBNAMELEN);
data/gpsbabel-1.7.0+ds/deprecated/mag_pdb.cc:113:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          buff = (char*) xmalloc(strlen(cin) + 1);		/* safe target space for sscanf( ... */
data/gpsbabel-1.7.0+ds/deprecated/magnav.cc:111:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    vdata += strlen(vdata) + 1;
data/gpsbabel-1.7.0+ds/deprecated/magnav.cc:114:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    vdata += strlen(vdata) + 1;
data/gpsbabel-1.7.0+ds/deprecated/magnav.cc:181:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(vdata, sn, 21);
data/gpsbabel-1.7.0+ds/deprecated/magnav.cc:186:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  vdata += strlen(vdata) + 1;
data/gpsbabel-1.7.0+ds/deprecated/magnav.cc:188:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(vdata, wpt->description, 33);
data/gpsbabel-1.7.0+ds/deprecated/magnav.cc:193:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  vdata += strlen(vdata) + 1;
data/gpsbabel-1.7.0+ds/deprecated/magnav.cc:227:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). Risk is low because the source is a
  constant string.
  strncpy(file_out->name, "Companion Waypoints", PDB_DBNAMELEN);
data/gpsbabel-1.7.0+ds/deprecated/mapopolis.cc:156:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      vdata += strlen(wpt_tmp->description) + 1 + 6;
data/gpsbabel-1.7.0+ds/deprecated/mapopolis.cc:163:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      vdata += strlen(wpt_tmp->notes) + 1;
data/gpsbabel-1.7.0+ds/deprecated/mapopolis.cc:222:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(vdata, sn, 21);
data/gpsbabel-1.7.0+ds/deprecated/mapopolis.cc:227:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  vdata += strlen(vdata) + 1;
data/gpsbabel-1.7.0+ds/deprecated/mapopolis.cc:229:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(vdata, wpt->description, 33);
data/gpsbabel-1.7.0+ds/deprecated/mapopolis.cc:234:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  vdata += strlen(vdata) + 1;
data/gpsbabel-1.7.0+ds/deprecated/mapopolis.cc:269:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). Risk is low because the source is a
  constant string.
  strncpy(file_out->name, "Companion Waypoints", PDB_DBNAMELEN);
data/gpsbabel-1.7.0+ds/deprecated/mapsource.cc:377:3:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
  strcpy(hdr, "d");
data/gpsbabel-1.7.0+ds/deprecated/mapsource.cc:633:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int reclen = ident.length() + strlen(ascii_description) + 2;
data/gpsbabel-1.7.0+ds/deprecated/mapsource.cc:642:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      reclen += strlen(CSTRc(wpt->notes));
data/gpsbabel-1.7.0+ds/deprecated/mapsource.cc:1163:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int rname_len = strlen(rname);
data/gpsbabel-1.7.0+ds/deprecated/mapsource.cc:1553:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int tname_len = strlen(tname);
data/gpsbabel-1.7.0+ds/deprecated/msroute.cc:318:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(name, temp, sizeof(name));
data/gpsbabel-1.7.0+ds/deprecated/overlay.cc:210:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  groups[i].name = (char*) xrealloc(groups[i].name,(strlen(akttxt)+1)*sizeof(char));
data/gpsbabel-1.7.0+ds/deprecated/palmdoc.cc:301:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(rec.text, oldmark->text, 16);
data/gpsbabel-1.7.0+ds/deprecated/palmdoc.cc:351:7:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
      strncpy((char *) buf.data+buf.len, txt2, partlen);
data/gpsbabel-1.7.0+ds/deprecated/palmdoc.cc:452:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    docprintf(10+strlen(wpt->description), "%s\n", wpt->description);
data/gpsbabel-1.7.0+ds/deprecated/palmdoc.cc:461:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      docprintf(10+strlen(stripped_html), "\n%s\n", stripped_html);
data/gpsbabel-1.7.0+ds/deprecated/palmdoc.cc:466:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      docprintf(10+strlen(stripped_html), "\n%s\n", stripped_html);
data/gpsbabel-1.7.0+ds/deprecated/palmdoc.cc:476:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      docprintf(10+strlen(hint), "\nHint: %s\n", hint);
data/gpsbabel-1.7.0+ds/deprecated/palmdoc.cc:480:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    docprintf(10+strlen(wpt->notes), "%s\n", wpt->notes);
data/gpsbabel-1.7.0+ds/deprecated/palmdoc.cc:500:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        docprintf(10+strlen(logpart->cdata), "%s by ", logpart->cdata);
data/gpsbabel-1.7.0+ds/deprecated/palmdoc.cc:505:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        docprintf(10+strlen(logpart->cdata), "%s on ", logpart->cdata);
data/gpsbabel-1.7.0+ds/deprecated/palmdoc.cc:562:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        docprintf(5+strlen(s), "%s", s);
data/gpsbabel-1.7.0+ds/deprecated/palmdoc.cc:581:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(file_out->name, dbname, PDB_DBNAMELEN);
data/gpsbabel-1.7.0+ds/deprecated/palmdoc.cc:583:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(file_out->name, out_fname, PDB_DBNAMELEN);
data/gpsbabel-1.7.0+ds/deprecated/pathaway.cc:155:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(dest) + strlen(tmp) + 1;
data/gpsbabel-1.7.0+ds/deprecated/pathaway.cc:155:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(dest) + strlen(tmp) + 1;
data/gpsbabel-1.7.0+ds/deprecated/pathaway.cc:228:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  res = str_pool_get(strlen(src) + 1);
data/gpsbabel-1.7.0+ds/deprecated/pathaway.cc:244:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  c = str + strlen(str) - 1;
data/gpsbabel-1.7.0+ds/deprecated/pathaway.cc:267:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tmp = str + strlen(str) - 1;	/* trim trailing nulls */
data/gpsbabel-1.7.0+ds/deprecated/pathaway.cc:385:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(cx) == 8) {
data/gpsbabel-1.7.0+ds/deprecated/pathaway.cc:403:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    } else if (strlen(cx) == 6) {
data/gpsbabel-1.7.0+ds/deprecated/pathaway.cc:733:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(buff) + 1;
data/gpsbabel-1.7.0+ds/deprecated/pathaway.cc:747:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(file_out->name, opt_dbname, PDB_DBNAMELEN);
data/gpsbabel-1.7.0+ds/deprecated/pathaway.cc:766:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(appinfo->vehicleStr, opt_dbicon, VEHICLE_LEN);
data/gpsbabel-1.7.0+ds/deprecated/pathaway.cc:773:7:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). Risk is low because the source is a
  constant string.
      strncpy(file_out->name, "PathAway Waypoints", PDB_DBNAMELEN);
data/gpsbabel-1.7.0+ds/deprecated/pathaway.cc:780:7:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). Risk is low because the source is a
  constant string.
      strncpy(file_out->name, "PathAway Track", PDB_DBNAMELEN);
data/gpsbabel-1.7.0+ds/deprecated/pathaway.cc:788:7:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). Risk is low because the source is a
  constant string.
      strncpy(file_out->name, "PathAway Route", PDB_DBNAMELEN);
data/gpsbabel-1.7.0+ds/deprecated/pdbfile.cc:264:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). Risk is low because the source is a
  constant string.
  strncpy(res->name, "Palm/OS Database", PDB_DBNAMELEN);
data/gpsbabel-1.7.0+ds/deprecated/pdbfile.cc:359:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(file->name);
data/gpsbabel-1.7.0+ds/deprecated/psitrex.cc:305:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(psit_current_token) > 0) {
data/gpsbabel-1.7.0+ds/deprecated/psitrex.cc:370:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(ident) == 0) {
data/gpsbabel-1.7.0+ds/deprecated/psitrex.cc:395:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(psit_current_token) == 0) {
data/gpsbabel-1.7.0+ds/deprecated/psitrex.cc:411:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(psit_current_token) > 0) {
data/gpsbabel-1.7.0+ds/deprecated/psitrex.cc:511:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(psit_current_token) == 0) {
data/gpsbabel-1.7.0+ds/deprecated/psitrex.cc:525:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(psit_current_token) > 0) {
data/gpsbabel-1.7.0+ds/deprecated/psitrex.cc:695:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(psit_current_token) == 0) {
data/gpsbabel-1.7.0+ds/deprecated/quovadis.cc:167:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(rec->name, wpt->shortname, 32);
data/gpsbabel-1.7.0+ds/deprecated/quovadis.cc:216:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(file_out->name, dbname, PDB_DBNAMELEN);
data/gpsbabel-1.7.0+ds/deprecated/quovadis.cc:218:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). Risk is low because the source is a
  constant string.
    strncpy(file_out->name, "QuoVadisMarkerDB", PDB_DBNAMELEN);
data/gpsbabel-1.7.0+ds/dg-100.cc:690:14:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
Dg100Format::read()
data/gpsbabel-1.7.0+ds/dg-100.h:75:8:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  void read() override;
data/gpsbabel-1.7.0+ds/dmtlog.cc:353:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int len = strlen(str);
data/gpsbabel-1.7.0+ds/duplicate.cc:173:7:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
      strncpy(dupe.shortname, CSTRc(waypointp->shortname), sizeof(dupe.shortname) - 1);
data/gpsbabel-1.7.0+ds/easygps.cc:49:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      strncmp(ibuf, ezsig, strlen(ezsig)) != 0 ||
data/gpsbabel-1.7.0+ds/energympro.cc:258:19:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
EnergymproFormat::read()
data/gpsbabel-1.7.0+ds/energympro.h:70:8:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  void read() override;
data/gpsbabel-1.7.0+ds/enigma.cc:190:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    ewpt.shortname_len = (uint8_t) min(6, strlen(CSTRc(wpt->shortname)));
data/gpsbabel-1.7.0+ds/enigma.cc:194:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    ewpt.longname_len = (uint8_t) min(27, strlen(CSTRc(wpt->description)));
data/gpsbabel-1.7.0+ds/exif.cc:1166:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len = (val) ? strlen(val) + 1 : 0;
data/gpsbabel-1.7.0+ds/format.h:76:16:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  virtual void read()
data/gpsbabel-1.7.0+ds/garmin.cc:823:14:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    gpx_vec->read();
data/gpsbabel-1.7.0+ds/garmin.cc:957:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    memcpy(tx_waylist[i]->ident, ident, strlen(ident));
data/gpsbabel-1.7.0+ds/garmin.cc:968:60:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      memcpy(tx_waylist[i]->cmnt, CSTRc(wpt->description), strlen(CSTRc(wpt->description)));
data/gpsbabel-1.7.0+ds/garmin.cc:976:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        memcpy(tx_waylist[i]->cmnt, obuf, strlen(obuf));
data/gpsbabel-1.7.0+ds/garmin.cc:978:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        memcpy(tx_waylist[i]->cmnt, CSTRc(src), strlen(CSTRc(src)));
data/gpsbabel-1.7.0+ds/garmin.cc:1055:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy((*cur_tx_routelist_entry)->rte_ident, CSTRc(rte->rte_name),
data/gpsbabel-1.7.0+ds/garmin.cc:1107:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(rte->cmnt, CSTR(wpt->description), sizeof(rte->cmnt) - 1);
data/gpsbabel-1.7.0+ds/garmin.cc:1134:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy((*cur_tx_tracklist_entry)->trk_ident, CSTRc(trk_head->rte_name), sizeof((*cur_tx_tracklist_entry)->trk_ident) - 1);
data/gpsbabel-1.7.0+ds/garmin.cc:1151:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy((*cur_tx_tracklist_entry)->trk_ident, CSTRc(wpt->shortname), sizeof((*cur_tx_tracklist_entry)->trk_ident) - 1);
data/gpsbabel-1.7.0+ds/garmin_fit.cc:770:18:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
GarminFitFormat::read()
data/gpsbabel-1.7.0+ds/garmin_fit.h:77:8:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  void read() override;
data/gpsbabel-1.7.0+ds/garmin_fs.cc:381:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy(way->cc, STRFROMUNICODE(garmin_fs_t::get_cc(gmsd, nullptr)), sizeof(way->cc));
data/gpsbabel-1.7.0+ds/garmin_fs.cc:382:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy(way->city, STRFROMUNICODE(garmin_fs_t::get_city(gmsd, nullptr)), sizeof(way->city));
data/gpsbabel-1.7.0+ds/garmin_fs.cc:383:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy(way->state, STRFROMUNICODE(garmin_fs_t::get_state(gmsd, nullptr)), sizeof(way->state));
data/gpsbabel-1.7.0+ds/garmin_fs.cc:384:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy(way->facility, STRFROMUNICODE(garmin_fs_t::get_facility(gmsd, nullptr)), sizeof(way->facility));
data/gpsbabel-1.7.0+ds/garmin_fs.cc:385:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy(way->cross_road, STRFROMUNICODE(garmin_fs_t::get_cross_road(gmsd, nullptr)), sizeof(way->cross_road));
data/gpsbabel-1.7.0+ds/garmin_fs.cc:386:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy(way->addr, STRFROMUNICODE(garmin_fs_t::get_addr(gmsd, nullptr)), sizeof(way->addr));
data/gpsbabel-1.7.0+ds/garmin_gpi.cc:264:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int strlen{0};
data/gpsbabel-1.7.0+ds/garmin_gpi.cc:282:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (result.strlen > 0) {
data/gpsbabel-1.7.0+ds/garmin_gpi.cc:283:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    result.str.resize(result.strlen);
data/gpsbabel-1.7.0+ds/garmin_gpi.cc:284:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    gbfread(result.str.data(), 1, result.strlen, fin);
data/gpsbabel-1.7.0+ds/garmin_gpi.cc:308:94:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                 MYNAME ": Error out of sync (wrong size %d/%d/%d) on field '%s'!", l0, res1.strlen, res2.strlen, field);
data/gpsbabel-1.7.0+ds/garmin_gpi.cc:308:107:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                 MYNAME ": Error out of sync (wrong size %d/%d/%d) on field '%s'!", l0, res1.strlen, res2.strlen, field);
data/gpsbabel-1.7.0+ds/garmin_gpi.cc:318:91:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                 MYNAME ": Error out of sync (wrong size %d/%d) on field '%s'!", l0, res1.strlen, field);
data/gpsbabel-1.7.0+ds/garmin_gpi.cc:757:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len = strlen(str);
data/gpsbabel-1.7.0+ds/garmin_gpi.cc:906:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    res += strlen(STRFROMUNICODE(wpt->shortname));
data/gpsbabel-1.7.0+ds/garmin_gpi.cc:966:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      dt->sz += (8 + strlen(STRFROMUNICODE(dt->addr)));
data/gpsbabel-1.7.0+ds/garmin_gpi.cc:972:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        dt->sz += (8 + strlen(STRFROMUNICODE(dt->addr)));
data/gpsbabel-1.7.0+ds/garmin_gpi.cc:976:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        dt->sz += (8 + strlen(STRFROMUNICODE(dt->city)));
data/gpsbabel-1.7.0+ds/garmin_gpi.cc:980:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        dt->sz += (8 + strlen(STRFROMUNICODE(dt->country)));
data/gpsbabel-1.7.0+ds/garmin_gpi.cc:984:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        dt->sz += (8 + strlen(STRFROMUNICODE(dt->state)));
data/gpsbabel-1.7.0+ds/garmin_gpi.cc:988:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        dt->sz += (2 + strlen(STRFROMUNICODE(dt->postal_code)));	/* short form */
data/gpsbabel-1.7.0+ds/garmin_gpi.cc:992:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        res += (12 + 4 +  strlen(STRFROMUNICODE(dt->phone_nr)));
data/gpsbabel-1.7.0+ds/garmin_gpi.cc:1008:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      res += (12 + 4 + strlen(STRFROMUNICODE(str)));
data/gpsbabel-1.7.0+ds/garmin_gpi.cc:1067:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int s0 = s1 = 19 + strlen(STRFROMUNICODE(wpt->shortname));
data/gpsbabel-1.7.0+ds/garmin_gpi.cc:1072:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      s0 += (12 + 4 + strlen(STRFROMUNICODE(str)));  /* descr */
data/gpsbabel-1.7.0+ds/garmin_gpi.cc:1078:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      s0 += (12 + 4 + strlen(STRFROMUNICODE(dt->phone_nr)));
data/gpsbabel-1.7.0+ds/garmin_gpi.cc:1129:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      gbfputint32(strlen(STRFROMUNICODE(str)) + 8, fout);	/* string + string header */
data/gpsbabel-1.7.0+ds/garmin_gpi.cc:1157:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      gbfputint32(strlen(STRFROMUNICODE(dt->phone_nr)) + 2 + 2, fout);
data/gpsbabel-1.7.0+ds/garmin_gpi.cc:1186:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sz += strlen(STRFROMUNICODE(QString::fromUtf8(opt_cat)));
data/gpsbabel-1.7.0+ds/garmin_gpi.cc:1547:16:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
      QThread::usleep(100);
data/gpsbabel-1.7.0+ds/garmin_gpi.cc:1574:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(opt_cat) == 0) {
data/gpsbabel-1.7.0+ds/garmin_tables.cc:589:7:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
      strncpy(res, CSTR(shortname), 1);
data/gpsbabel-1.7.0+ds/garmin_tables.cc:592:7:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
      strncpy(res, CSTR(shortname), 2);
data/gpsbabel-1.7.0+ds/garmin_tables.cc:611:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(x->cc) <= 3) {
data/gpsbabel-1.7.0+ds/garmin_tables.cc:612:7:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
      strncpy(res, x->cc, 3);
data/gpsbabel-1.7.0+ds/garmin_tables.cc:623:7:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
      strncpy(res, CSTR(shortname), 2);
data/gpsbabel-1.7.0+ds/garmin_txt.cc:922:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy(buff, str, sizeof(buff));
data/gpsbabel-1.7.0+ds/garmin_txt.cc:928:3:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
  strcat(cin, ",");
data/gpsbabel-1.7.0+ds/garmin_txt.cc:1020:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int i = strlen(headers[ht]);
data/gpsbabel-1.7.0+ds/garmin_txt.cc:1023:3:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
  strcat(fields, "\t");
data/gpsbabel-1.7.0+ds/garmin_txt.cc:1044:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      c = c + strlen(c) + 1;
data/gpsbabel-1.7.0+ds/gbfile.cc:83:5:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant character.
    strncat(openmode, "b", sizeof(openmode) - strlen(openmode) - 1);
data/gpsbabel-1.7.0+ds/gbfile.cc:83:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strncat(openmode, "b", sizeof(openmode) - strlen(openmode) - 1);
data/gpsbabel-1.7.0+ds/gbfile.cc:547:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int len = strlen(file->name);
data/gpsbabel-1.7.0+ds/gbfile.cc:1246:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len = (s == nullptr) ? 0 : strlen(s);
data/gpsbabel-1.7.0+ds/gbser.cc:195:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return gbser_write(handle, str, (unsigned) strlen(str));
data/gpsbabel-1.7.0+ds/gbser_posix.cc:295:15:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        (rc = read(h->fd, h->inbuf + h->inbuf_used,
data/gpsbabel-1.7.0+ds/gbser_posix.cc:347:17:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
          (rc = read(h->fd, h->inbuf + h->inbuf_used,
data/gpsbabel-1.7.0+ds/gbser_posix.cc:430:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy(obuf, comname, len);
data/gpsbabel-1.7.0+ds/gbser_win.cc:153:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      ((strlen(comname) == 5) && (comname[4] == ':')) ||
data/gpsbabel-1.7.0+ds/gbser_win.cc:154:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      ((strlen(comname) == 4) && (case_ignore_strncmp(comname, "com", 3) == 0))
data/gpsbabel-1.7.0+ds/gbser_win.cc:156:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(obuf, comname, len);
data/gpsbabel-1.7.0+ds/gbser_win.cc:159:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t l = strlen(obuf);
data/gpsbabel-1.7.0+ds/gbser_win.cc:391:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t pfx_l = strlen(pfx);
data/gpsbabel-1.7.0+ds/gbser_win.cc:393:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t com_l = strlen(com);
data/gpsbabel-1.7.0+ds/gdb.cc:142:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(f->name);
data/gpsbabel-1.7.0+ds/gdb.cc:1168:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). Risk is low because the source is a
  constant string.
  strncpy(buff, "Dx", sizeof(buff));
data/gpsbabel-1.7.0+ds/gdb.cc:1174:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). Risk is low because the source is a
  constant string.
  strncpy(buff, "A].SQA*Dec 27 2004*17:40:51", sizeof(buff));	/* MapSource V6.5 */
data/gpsbabel-1.7.0+ds/gdb.cc:1216:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(buff);
data/gpsbabel-1.7.0+ds/geojson.cc:143:16:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
GeoJsonFormat::read() {
data/gpsbabel-1.7.0+ds/geojson.h:63:8:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  void read() override;
data/gpsbabel-1.7.0+ds/ggv_bin.cc:480:15:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
GgvBinFormat::read()
data/gpsbabel-1.7.0+ds/ggv_bin.h:58:8:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  void read() override;
data/gpsbabel-1.7.0+ds/globalsat_sport.cc:673:23:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
GlobalsatSportFormat::read()
data/gpsbabel-1.7.0+ds/globalsat_sport.h:84:8:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  void read() override;
data/gpsbabel-1.7.0+ds/gopal.cc:132:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ((ck == nullptr) || (*ck != '\0') || (strlen(optdate) != 8)) {
data/gpsbabel-1.7.0+ds/gpsutil.cc:88:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int len = strlen(ibuf);
data/gpsbabel-1.7.0+ds/gpsutil.cc:102:13:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
    int n = sscanf(ibuf, "%lf%c %lf%c %ld%c %30[^,] %2s",
data/gpsbabel-1.7.0+ds/gpx.cc:1072:12:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
GpxFormat::read()
data/gpsbabel-1.7.0+ds/gpx.h:70:8:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  void read() override;
data/gpsbabel-1.7.0+ds/gtm.cc:142:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int len = strlen(str);
data/gpsbabel-1.7.0+ds/gtm.cc:163:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len = str ? strlen(str) : 0;
data/gpsbabel-1.7.0+ds/gui/gmapdlg.cc:146:8:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  gpx_.read(gpxFileName);
data/gpsbabel-1.7.0+ds/gui/gpx.cc:215:11:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
bool Gpx::read(const QString& fileName)
data/gpsbabel-1.7.0+ds/gui/gpx.h:459:8:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  bool read(const QString& fileName);
data/gpsbabel-1.7.0+ds/gui/serial_win.cc:64:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int len = strlen(p);
data/gpsbabel-1.7.0+ds/holux.cc:106:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(name,pWptHxTmp->name,sizeof(pWptHxTmp->name));
data/gpsbabel-1.7.0+ds/holux.cc:109:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(desc,pWptHxTmp->comment,sizeof(pWptHxTmp->comment));
data/gpsbabel-1.7.0+ds/holux.cc:172:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy(strOut,strTmp,strlen(strTmp));
data/gpsbabel-1.7.0+ds/holux.cc:172:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncpy(strOut,strTmp,strlen(strTmp));
data/gpsbabel-1.7.0+ds/holux.cc:209:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(pWptHxTmp->name, mknshort(CSTRc(wpt->shortname),sizeof(pWptHxTmp->name)),sizeof(pWptHxTmp->name));
data/gpsbabel-1.7.0+ds/holux.cc:216:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(pWptHxTmp->comment, mknshort(CSTRc(wpt->description),sizeof(pWptHxTmp->comment)),sizeof(pWptHxTmp->comment));
data/gpsbabel-1.7.0+ds/humminbird.cc:737:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(trk_head->name, CSTR(name), sizeof(trk_head->name)-1);
data/gpsbabel-1.7.0+ds/humminbird.cc:878:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(humrte->name, CSTR(name), sizeof(humrte->name));
data/gpsbabel-1.7.0+ds/igc.cc:120:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t len = strlen(c);
data/gpsbabel-1.7.0+ds/igc.cc:308:11:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
      if (sscanf(ibuf, "H%*1[FOPS]%3s", tmp_str) != 1) {
data/gpsbabel-1.7.0+ds/igc.cc:333:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (strlen(trk_desc) < MAXDESCLEN) {
data/gpsbabel-1.7.0+ds/igc.cc:334:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          remain = MAXDESCLEN - strlen(trk_desc);
data/gpsbabel-1.7.0+ds/igc.cc:335:11:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
          strncat(trk_desc, ibuf, remain);
data/gpsbabel-1.7.0+ds/igc.cc:336:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          remain = MAXDESCLEN - strlen(trk_desc);
data/gpsbabel-1.7.0+ds/igc.cc:337:11:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
          strncat(trk_desc, HDRDELIM, remain);
data/gpsbabel-1.7.0+ds/igc.cc:414:11:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
      if (sscanf(ibuf, "L%3s", tmp_str) != 1) {
data/gpsbabel-1.7.0+ds/igc.cc:617:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    for (str = strtok(rd + strlen(HDRMAGIC) + strlen(HDRDELIM), HDRDELIM);
data/gpsbabel-1.7.0+ds/igc.cc:617:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    for (str = strtok(rd + strlen(HDRMAGIC) + strlen(HDRDELIM), HDRDELIM);
data/gpsbabel-1.7.0+ds/itracku.cc:127:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int size = strlen(s) + 1;
data/gpsbabel-1.7.0+ds/jeeps/gpsapp.cc:2038:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(gps_categories[cat_num], s, sizeof(gps_categories[0]));
data/gpsbabel-1.7.0+ds/jeeps/gpscom.cc:1200:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(crs[n_crs]->course_name, trk[i]->trk_ident,
data/gpsbabel-1.7.0+ds/jeeps/gpscom.cc:1273:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(cpt[i+n_cpt]->name, wpt[i]->cmnt,
data/gpsbabel-1.7.0+ds/jeeps/gpslibusb.cc:561:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(portname) > 4) {
data/gpsbabel-1.7.0+ds/jeeps/gpsserial.cc:275:12:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
  QThread::usleep(100000);
data/gpsbabel-1.7.0+ds/jeeps/gpsserial.cc:431:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  return read(psd->fd, ibuf, size);
data/gpsbabel-1.7.0+ds/jeeps/gpsserial.cc:661:14:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
    QThread::usleep(100000);
data/gpsbabel-1.7.0+ds/jeeps/gpsusbwin.cc:231:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(pname) > 4) {
data/gpsbabel-1.7.0+ds/kml.cc:355:17:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
void KmlFormat::read()
data/gpsbabel-1.7.0+ds/kml.h:69:8:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  void read() override;
data/gpsbabel-1.7.0+ds/legacyformat.h:53:8:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  void read() override
data/gpsbabel-1.7.0+ds/legacyformat.h:55:13:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    if (vec.read != nullptr) {
data/gpsbabel-1.7.0+ds/legacyformat.h:56:11:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      vec.read();
data/gpsbabel-1.7.0+ds/lowranceusr.cc:1216:20:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
LowranceusrFormat::read()
data/gpsbabel-1.7.0+ds/lowranceusr.cc:1897:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ((len = strlen(opt_title)) == 0) {
data/gpsbabel-1.7.0+ds/lowranceusr.cc:1927:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ((len = strlen(opt_content_descr)) == 0) {
data/gpsbabel-1.7.0+ds/lowranceusr.h:139:8:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  void read() override;
data/gpsbabel-1.7.0+ds/maggeo.cc:211:3:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
  strcat(buf, ",");
data/gpsbabel-1.7.0+ds/maggeo.cc:296:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    sprintf(obuf + strlen(obuf), ",%3.1f",
data/gpsbabel-1.7.0+ds/maggeo.cc:299:5:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
    strcat(obuf, ",");
data/gpsbabel-1.7.0+ds/maggeo.cc:303:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    sprintf(obuf + strlen(obuf), ",%3.1f",
data/gpsbabel-1.7.0+ds/maggeo.cc:306:5:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
    strcat(obuf, ",");
data/gpsbabel-1.7.0+ds/magproto.cc:248:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char* rstring = (char*) xmalloc(strlen(istring)+1);
data/gpsbabel-1.7.0+ds/magproto.cc:273:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char* rstring = (char*) xmalloc(strlen(istring)+1);
data/gpsbabel-1.7.0+ds/magproto.cc:470:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int isz = strlen(ibuf);
data/gpsbabel-1.7.0+ds/magproto.cc:635:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int nremains = strlen(esc);
data/gpsbabel-1.7.0+ds/magproto.cc:647:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          memmove(esc, tmp, strlen(tmp) + 1);
data/gpsbabel-1.7.0+ds/magproto.cc:1255:16:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      gpx_vec->read();
data/gpsbabel-1.7.0+ds/magproto.cc:1262:16:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      gpx_vec->read();
data/gpsbabel-1.7.0+ds/magproto.cc:1269:16:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      gpx_vec->read();
data/gpsbabel-1.7.0+ds/main.cc:152:5:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    fgetc(stdin);
data/gpsbabel-1.7.0+ds/main.cc:347:14:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      ivecs->read();
data/gpsbabel-1.7.0+ds/main.cc:544:12:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    ivecs->read();
data/gpsbabel-1.7.0+ds/mapsend.cc:250:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy(buf, hdr.ms_version, 2);
data/gpsbabel-1.7.0+ds/mkshort.cc:141:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t l = strlen(name);
data/gpsbabel-1.7.0+ds/mkshort.cc:206:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (int l = strlen(istring); l > start; l--) {
data/gpsbabel-1.7.0+ds/mkshort.cc:213:7:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
      strncpy(&ostring[l-1], &istring[l], 1+strlen(istring)-l);
data/gpsbabel-1.7.0+ds/mkshort.cc:213:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      strncpy(&ostring[l-1], &istring[l], 1+strlen(istring)-l);
data/gpsbabel-1.7.0+ds/mkshort.cc:214:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      ostring[strlen(istring)-1] = 0;
data/gpsbabel-1.7.0+ds/mkshort.cc:231:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int origslen = strlen(s);
data/gpsbabel-1.7.0+ds/mkshort.cc:234:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int rl = strlen(r->orig);
data/gpsbabel-1.7.0+ds/mkshort.cc:383:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((hdl->target_len == 6) && (strlen(ostring) == 7) &&
data/gpsbabel-1.7.0+ds/mkshort.cc:385:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    memmove(&ostring[0], &ostring[1], strlen(ostring));
data/gpsbabel-1.7.0+ds/mkshort.cc:391:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((strlen(ostring) > hdl->target_len + 4) &&
data/gpsbabel-1.7.0+ds/mkshort.cc:405:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    memmove(&ostring[0], &ostring[1], strlen(ostring));
data/gpsbabel-1.7.0+ds/mkshort.cc:413:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    l = strlen(tstring);
data/gpsbabel-1.7.0+ds/mkshort.cc:440:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l = strlen(tstring);
data/gpsbabel-1.7.0+ds/mkshort.cc:496:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  while (replaced && strlen(ostring) > hdl->target_len) {
data/gpsbabel-1.7.0+ds/mkshort.cc:507:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char* np = ostring + strlen(ostring);
data/gpsbabel-1.7.0+ds/mkshort.cc:511:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t nlen = strlen(np);
data/gpsbabel-1.7.0+ds/mkshort.cc:526:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  } else if ((/*i = */strlen(ostring)) > hdl->target_len) {
data/gpsbabel-1.7.0+ds/mmo.cc:1153:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    gbfputuint16(strlen(sobj), fout);
data/gpsbabel-1.7.0+ds/mmo.cc:1154:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    gbfwrite(sobj, strlen(sobj), 1, fout);
data/gpsbabel-1.7.0+ds/mtk_locus.cc:289:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((strlen(line) < 3) || (line[0] != '$') || (line[strlen(line)-3] != '*')) {
data/gpsbabel-1.7.0+ds/mtk_locus.cc:289:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((strlen(line) < 3) || (line[0] != '$') || (line[strlen(line)-3] != '*')) {
data/gpsbabel-1.7.0+ds/mtk_locus.cc:294:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int calculated_checksum = calculate_checksum(&line[1], strlen(line) - 1 - 3);
data/gpsbabel-1.7.0+ds/mtk_locus.cc:295:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sscanf(&line[strlen(line) - 2], "%02x", &given_checksum);
data/gpsbabel-1.7.0+ds/mtk_locus.cc:301:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strncmp(line, waiting_for, strlen(waiting_for)) == 0) {
data/gpsbabel-1.7.0+ds/mtk_locus.cc:306:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  line[strlen(line) - 3] = '\0';  // remove checksum
data/gpsbabel-1.7.0+ds/mtk_locus.cc:524:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int checksum = calculate_checksum(&s[1], strlen(s)-1);
data/gpsbabel-1.7.0+ds/mtk_locus.cc:541:3:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
  strncat(cmd, &s[5], 3);
data/gpsbabel-1.7.0+ds/mtk_locus.cc:547:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  while (strlen(waiting_for) > 0) {
data/gpsbabel-1.7.0+ds/mtk_logger.cc:335:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    expect_len = strlen(expect);
data/gpsbabel-1.7.0+ds/mtk_logger.cc:356:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  do_send_cmd(cmd, strlen(cmd)); // success or fatal()...
data/gpsbabel-1.7.0+ds/mtk_logger.cc:371:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      len = strlen(line);
data/gpsbabel-1.7.0+ds/mtk_logger.cc:521:12:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
  QThread::usleep(10 * 1000);
data/gpsbabel-1.7.0+ds/mtk_logger.cc:525:12:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
  QThread::usleep(100 * 1000);
data/gpsbabel-1.7.0+ds/mtk_logger.cc:579:12:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
  QThread::usleep(10 * 1000);
data/gpsbabel-1.7.0+ds/mtk_logger.cc:584:12:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
  QThread::usleep(100 * 1000);
data/gpsbabel-1.7.0+ds/mtk_logger.cc:669:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      int len = strlen(line);
data/gpsbabel-1.7.0+ds/mtk_logger.cc:718:22:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
            QThread::usleep(10 * 1000);
data/gpsbabel-1.7.0+ds/mynav.cc:124:14:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
MyNavFormat::read()
data/gpsbabel-1.7.0+ds/mynav.h:60:8:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  void read() override;
data/gpsbabel-1.7.0+ds/naviguide.cc:134:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int i = strlen(STRFROMUNICODE(s));
data/gpsbabel-1.7.0+ds/naviguide.cc:144:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  i = strlen(STRFROMUNICODE(d));
data/gpsbabel-1.7.0+ds/naviguide.cc:388:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    for (unsigned i = 0; i <strlen(strComment); ++i) {
data/gpsbabel-1.7.0+ds/navilink.cc:420:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy((char*)buffer + 4, CSTRc(waypt->shortname), 6);
data/gpsbabel-1.7.0+ds/navilink.cc:602:12:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
  QThread::usleep(10000);
data/gpsbabel-1.7.0+ds/navilink.cc:732:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy((char*)data + 4, CSTR(rte_name), 13);
data/gpsbabel-1.7.0+ds/navilink.cc:1049:14:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
    QThread::usleep(CLEAR_DATALOG_TIME * 1000);
data/gpsbabel-1.7.0+ds/netstumbler.cc:161:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        len = strlen(ssid) - 2;
data/gpsbabel-1.7.0+ds/netstumbler.cc:182:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        mac[strlen(mac) - 2] = 0;/* zap " )" */
data/gpsbabel-1.7.0+ds/nmea.cc:960:13:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
NmeaFormat::read()
data/gpsbabel-1.7.0+ds/nmea.cc:981:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ((ck == nullptr) || (*ck != '\0') || (strlen(optdate) != 8)) {
data/gpsbabel-1.7.0+ds/nmea.cc:1092:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ((rv > -1) && (strlen(ibuf) > 0) && ibuf[0] == '$') {
data/gpsbabel-1.7.0+ds/nmea.cc:1124:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      safe_print(strlen(ibuf), ibuf);
data/gpsbabel-1.7.0+ds/nmea.cc:1186:14:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
    QThread::usleep(sleepus);
data/gpsbabel-1.7.0+ds/nmea.cc:1207:18:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
        QThread::usleep(sleepus);
data/gpsbabel-1.7.0+ds/nmea.cc:1211:20:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
          QThread::usleep(wait_time * 1000000);
data/gpsbabel-1.7.0+ds/nmea.cc:1391:12:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
  QThread::usleep(250 * 1000);
data/gpsbabel-1.7.0+ds/nmea.h:71:8:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  void read() override;
data/gpsbabel-1.7.0+ds/nmn4.cc:194:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). Risk is low because the source is a
  constant character.
  strncpy(city, "-", sizeof(city));
data/gpsbabel-1.7.0+ds/nmn4.cc:195:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). Risk is low because the source is a
  constant character.
  strncpy(street, "-", sizeof(street));
data/gpsbabel-1.7.0+ds/nmn4.cc:196:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). Risk is low because the source is a
  constant character.
  strncpy(zipc, "-", sizeof(zipc));
data/gpsbabel-1.7.0+ds/nmn4.cc:197:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). Risk is low because the source is a
  constant character.
  strncpy(number, "-", sizeof(number));
data/gpsbabel-1.7.0+ds/osm.cc:633:12:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
OsmFormat::read()
data/gpsbabel-1.7.0+ds/osm.cc:690:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char* ce = cin + strlen(cin);
data/gpsbabel-1.7.0+ds/osm.cc:703:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    cin += strlen(cin) + 1;
data/gpsbabel-1.7.0+ds/osm.cc:784:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(created_by) !=0) {
data/gpsbabel-1.7.0+ds/osm.cc:839:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(created_by) !=0) {
data/gpsbabel-1.7.0+ds/osm.h:73:8:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  void read() override;
data/gpsbabel-1.7.0+ds/pocketfms_wp.cc:64:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(buff) == 0) {
data/gpsbabel-1.7.0+ds/polygon.cc:249:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (argsfound != 2 && strspn(line, " \t\n") < strlen(line)) {
data/gpsbabel-1.7.0+ds/qstarz_bl_1000.cc:286:21:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
QstarzBL1000Format::read()
data/gpsbabel-1.7.0+ds/qstarz_bl_1000.h:83:8:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  void read() override;
data/gpsbabel-1.7.0+ds/random.cc:201:15:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
RandomFormat::read()
data/gpsbabel-1.7.0+ds/random.h:68:8:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  void read() override;
data/gpsbabel-1.7.0+ds/shape.cc:201:14:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
ShapeFormat::read()
data/gpsbabel-1.7.0+ds/shape.h:63:8:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  void read() override;
data/gpsbabel-1.7.0+ds/shortname.cc:60:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        out = out.replace(i, strlen(r->orig), r->replacement);
data/gpsbabel-1.7.0+ds/skyforce.cc:46:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(str) < 38) {
data/gpsbabel-1.7.0+ds/skyforce.cc:98:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy(buf, str + 2, sizeof(buf) - 1);
data/gpsbabel-1.7.0+ds/skyforce.cc:106:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len = strlen(str);
data/gpsbabel-1.7.0+ds/skytraq.cc:491:12:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
  QThread::usleep(50);		/* allow UART to settle. */
data/gpsbabel-1.7.0+ds/skytraq.cc:1234:14:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
    QThread::usleep(50);		/* allow UART to settle. */
data/gpsbabel-1.7.0+ds/strptime.c:75:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ({ size_t len = strlen (cs1);						      \
data/gpsbabel-1.7.0+ds/strptime.c:82:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (case_ignore_strncmp ((cs1), (s2), strlen (cs1)) ? 0 : ((s2) += strlen (cs1), 1))
data/gpsbabel-1.7.0+ds/strptime.c:82:67:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (case_ignore_strncmp ((cs1), (s2), strlen (cs1)) ? 0 : ((s2) += strlen (cs1), 1))
data/gpsbabel-1.7.0+ds/strptime.c:132:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	      size_t len = strlen (alts);				      \
data/gpsbabel-1.7.0+ds/tmpro.cc:81:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ((strlen(buff)) && (strstr(buff, "sHyperLink") == nullptr)) {
data/gpsbabel-1.7.0+ds/tomtom.cc:309:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define write_string(f,s) gbfwrite((s),1,strlen(s)+1,f)
data/gpsbabel-1.7.0+ds/tomtom.cc:356:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      write_long(f, strlen(desc_field) + 14);
data/gpsbabel-1.7.0+ds/tpo.cc:164:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strncmp(v3_id_string, string_buffer, strlen(v3_id_string)) == 0) {
data/gpsbabel-1.7.0+ds/tpo.cc:226:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if (match_index == strlen(section_name)) {
data/gpsbabel-1.7.0+ds/tpo.cc:1766:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int chunk_name_length = strlen(chunk_name);
data/gpsbabel-1.7.0+ds/trackfilter.cc:243:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((opt_title != nullptr) && (strlen(opt_title) > 0)) {
data/gpsbabel-1.7.0+ds/trackfilter.cc:294:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(opt_title) == 0) {
data/gpsbabel-1.7.0+ds/trackfilter.cc:424:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    opt_interval = (opt_split && (strlen(opt_split) > 0) && (0 != strcmp(opt_split, TRACKFILTER_SPLIT_OPTION)));
data/gpsbabel-1.7.0+ds/trackfilter.cc:460:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    opt_distance = (opt_sdistance && (strlen(opt_sdistance) > 0) && (0 != strcmp(opt_sdistance, TRACKFILTER_SDIST_OPTION)));
data/gpsbabel-1.7.0+ds/unicsv.cc:611:7:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
      strncpy(bng_zone, CSTR(value), sizeof(bng_zone) - 1);
data/gpsbabel-1.7.0+ds/unicsv.cc:1090:15:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
UnicsvFormat::read()
data/gpsbabel-1.7.0+ds/unicsv.h:65:8:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  void read() override;
data/gpsbabel-1.7.0+ds/util.cc:104:82:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    fatal("gpsbabel: Unable to allocate %ld bytes of memory.\n", (unsigned long) strlen(s));
data/gpsbabel-1.7.0+ds/util.cc:161:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t newsz = strlen(src) + strlen(newd) + 1;
data/gpsbabel-1.7.0+ds/util.cc:161:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t newsz = strlen(src) + strlen(newd) + 1;
data/gpsbabel-1.7.0+ds/util.cc:386:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char* c = buff + strlen(buff);
data/gpsbabel-1.7.0+ds/util.cc:1008:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len = strlen(s);
data/gpsbabel-1.7.0+ds/util.cc:1009:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int slen = strlen(search);
data/gpsbabel-1.7.0+ds/util.cc:1010:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int rlen = strlen(replace);
data/gpsbabel-1.7.0+ds/util.cc:1041:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int olen = strlen(src);
data/gpsbabel-1.7.0+ds/util.cc:1042:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int slen = strlen(search);
data/gpsbabel-1.7.0+ds/util.cc:1043:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int rlen = strlen(replace);
data/gpsbabel-1.7.0+ds/util.cc:1118:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char* result = (char*) xcalloc((2*strlen(human_datef)) + 1, 1);
data/gpsbabel-1.7.0+ds/util.cc:1182:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char* result = (char*) xcalloc((2*strlen(human_timef)) + 1, 1);
data/gpsbabel-1.7.0+ds/util.cc:1562:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      elen += strlen(ep->entity) - strlen(ep->text);
data/gpsbabel-1.7.0+ds/util.cc:1562:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      elen += strlen(ep->entity) - strlen(ep->text);
data/gpsbabel-1.7.0+ds/util.cc:1564:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      cp += strlen(ep->text);
data/gpsbabel-1.7.0+ds/util.cc:1584:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tmp = (char*) xcalloc((strlen(str) + elen + 1), 1);
data/gpsbabel-1.7.0+ds/util.cc:1599:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        elen = strlen(ep->entity);
data/gpsbabel-1.7.0+ds/util.cc:1601:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        xstr = xstrdup(p + strlen(ep->text));
data/gpsbabel-1.7.0+ds/util.cc:1624:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        p = p+strlen(p);
data/gpsbabel-1.7.0+ds/wbt-200.cc:441:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t pat_len = strlen(pat);
data/gpsbabel-1.7.0+ds/wbt-200.cc:442:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return (pat_len <= strlen(buf))
data/gpsbabel-1.7.0+ds/wbt-200.cc:466:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      return strlen(expect);
data/gpsbabel-1.7.0+ds/wbt-200.cc:886:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char* lp = line_buf + strlen(cs_prefix);
data/gpsbabel-1.7.0+ds/wbt-200.cc:986:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t              tk1_magic_len = strlen(tk1_magic) + 1;
data/gpsbabel-1.7.0+ds/xcsv.cc:237:70:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  struct xt_mapping* xm = Perfect_Hash::in_word_set(key.constData(), strlen(key.constData()));
data/gpsbabel-1.7.0+ds/xcsv.cc:256:70:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  struct xt_mapping* xm = Perfect_Hash::in_word_set(key.constData(), strlen(key.constData()));
data/gpsbabel-1.7.0+ds/xcsv.cc:310:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char* ampm = (char*) xmalloc(strlen(s) + 1);
data/gpsbabel-1.7.0+ds/xcsv.cc:542:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    parse_data->utm_zonec = s[strlen(s) - 1];
data/gpsbabel-1.7.0+ds/xcsv.cc:834:13:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
XcsvFormat::read()
data/gpsbabel-1.7.0+ds/xcsv.h:199:8:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  void read() override;
data/gpsbabel-1.7.0+ds/yahoo.cc:39:14:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
YahooFormat::read()
data/gpsbabel-1.7.0+ds/yahoo.h:66:8:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  void read() override;

ANALYSIS SUMMARY:

Hits = 1552
Lines analyzed = 146404 in approximately 12.42 seconds (11788 lines/second)
Physical Source Lines of Code (SLOC) = 106805
Hits@level = [0] 774 [1] 458 [2] 809 [3]   3 [4] 280 [5]   2
Hits@level+ = [0+] 2326 [1+] 1552 [2+] 1094 [3+] 285 [4+] 282 [5+]   2
Hits/KSLOC@level+ = [0+] 21.778 [1+] 14.5312 [2+] 10.243 [3+] 2.66841 [4+] 2.64033 [5+] 0.0187257
Dot directories skipped = 2 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.