Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/gretl-2020e/plugin/jmulti_import.c
Examining data/gretl-2020e/plugin/gtk_compat.h
Examining data/gretl-2020e/plugin/arma_init.c
Examining data/gretl-2020e/plugin/biff.h
Examining data/gretl-2020e/plugin/mpack/md5c.c
Examining data/gretl-2020e/plugin/mpack/encode.c
Examining data/gretl-2020e/plugin/mpack/mpack.h
Examining data/gretl-2020e/plugin/mpack/md5.h
Examining data/gretl-2020e/plugin/geoplot.c
Examining data/gretl-2020e/plugin/interpolate.c
Examining data/gretl-2020e/plugin/spss_import.c
Examining data/gretl-2020e/plugin/reprobit.c
Examining data/gretl-2020e/plugin/arma_priv.h
Examining data/gretl-2020e/plugin/sas_import.c
Examining data/gretl-2020e/plugin/panurc.c
Examining data/gretl-2020e/plugin/dpanel.c
Examining data/gretl-2020e/plugin/fcp.c
Examining data/gretl-2020e/plugin/tramo_options.c
Examining data/gretl-2020e/plugin/garch.h
Examining data/gretl-2020e/plugin/leverage.c
Examining data/gretl-2020e/plugin/svm.c
Examining data/gretl-2020e/plugin/zipunzip/zipwork.c
Examining data/gretl-2020e/plugin/zipunzip/zipfile.c
Examining data/gretl-2020e/plugin/zipunzip/zfileio.c
Examining data/gretl-2020e/plugin/zipunzip/zipmain.c
Examining data/gretl-2020e/plugin/zipunzip/zunz_private.h
Examining data/gretl-2020e/plugin/zipunzip/zipunzip.h
Examining data/gretl-2020e/plugin/zipunzip/zsystem.c
Examining data/gretl-2020e/plugin/zipunzip/ziperr.h
Examining data/gretl-2020e/plugin/import_common.c
Examining data/gretl-2020e/plugin/stata_export.c
Examining data/gretl-2020e/plugin/jrestrict.c
Examining data/gretl-2020e/plugin/pca.c
Examining data/gretl-2020e/plugin/johansen.c
Examining data/gretl-2020e/plugin/libole2/ms-ole.c
Examining data/gretl-2020e/plugin/libole2/ms-ole.h
Examining data/gretl-2020e/plugin/garch.c
Examining data/gretl-2020e/plugin/anova.c
Examining data/gretl-2020e/plugin/as154.c
Examining data/gretl-2020e/plugin/xml_get.c
Examining data/gretl-2020e/plugin/jalpha.c
Examining data/gretl-2020e/plugin/kernel.c
Examining data/gretl-2020e/plugin/tramo_x12a.h
Examining data/gretl-2020e/plugin/arma.c
Examining data/gretl-2020e/plugin/liml.c
Examining data/gretl-2020e/plugin/fiml.c
Examining data/gretl-2020e/plugin/importer.h
Examining data/gretl-2020e/plugin/arma_x12.c
Examining data/gretl-2020e/plugin/as_driver.c
Examining data/gretl-2020e/plugin/progress_bar.c
Examining data/gretl-2020e/plugin/heckit.c
Examining data/gretl-2020e/plugin/interval.c
Examining data/gretl-2020e/plugin/eviews_import.c
Examining data/gretl-2020e/plugin/gretlzip.c
Examining data/gretl-2020e/plugin/excel_import.c
Examining data/gretl-2020e/plugin/jprivate.h
Examining data/gretl-2020e/plugin/mp_ols.c
Examining data/gretl-2020e/plugin/sysest.c
Examining data/gretl-2020e/plugin/poisson.c
Examining data/gretl-2020e/plugin/quantreg.c
Examining data/gretl-2020e/plugin/mod_garch.c
Examining data/gretl-2020e/plugin/sysml.h
Examining data/gretl-2020e/plugin/stata_import.c
Examining data/gretl-2020e/plugin/tramo-x12a.c
Examining data/gretl-2020e/plugin/addons-i18n.c
Examining data/gretl-2020e/plugin/fractals.c
Examining data/gretl-2020e/plugin/libsvm/svmlib.cpp
Examining data/gretl-2020e/plugin/libsvm/svmlib.h
Examining data/gretl-2020e/plugin/arbond.c
Examining data/gretl-2020e/plugin/rq/rqbr.c
Examining data/gretl-2020e/plugin/rq/rqfnb.c
Examining data/gretl-2020e/plugin/json_get.c
Examining data/gretl-2020e/plugin/biprobit.c
Examining data/gretl-2020e/plugin/regls.c
Examining data/gretl-2020e/plugin/duration.c
Examining data/gretl-2020e/plugin/ods_import.c
Examining data/gretl-2020e/plugin/stats_tables.c
Examining data/gretl-2020e/plugin/as197.c
Examining data/gretl-2020e/plugin/mailer.c
Examining data/gretl-2020e/plugin/workbook.c
Examining data/gretl-2020e/plugin/iso3166.c
Examining data/gretl-2020e/plugin/gnumeric_import.c
Examining data/gretl-2020e/plugin/arma_cml.c
Examining data/gretl-2020e/plugin/range-mean.c
Examining data/gretl-2020e/plugin/arma_common.c
Examining data/gretl-2020e/plugin/urcdist.c
Examining data/gretl-2020e/plugin/libshp/shapefile.h
Examining data/gretl-2020e/plugin/libshp/shpopen.c
Examining data/gretl-2020e/plugin/libshp/dbfopen.c
Examining data/gretl-2020e/plugin/odbc_import.c
Examining data/gretl-2020e/plugin/vif.c
Examining data/gretl-2020e/plugin/xlsx_import.c
Examining data/gretl-2020e/cephes/hyperg.c
Examining data/gretl-2020e/cephes/polrt.c
Examining data/gretl-2020e/cephes/fdtr.c
Examining data/gretl-2020e/cephes/k1.c
Examining data/gretl-2020e/cephes/psi.c
Examining data/gretl-2020e/cephes/struve.c
Examining data/gretl-2020e/cephes/mconf.h
Examining data/gretl-2020e/cephes/kn.c
Examining data/gretl-2020e/cephes/mtherr.c
Examining data/gretl-2020e/cephes/libprob.h
Examining data/gretl-2020e/cephes/k0.c
Examining data/gretl-2020e/cephes/yn.c
Examining data/gretl-2020e/cephes/ndtri.c
Examining data/gretl-2020e/cephes/airy.c
Examining data/gretl-2020e/cephes/kv.c
Examining data/gretl-2020e/cephes/stdtr.c
Examining data/gretl-2020e/cephes/bdtr.c
Examining data/gretl-2020e/cephes/chdtr.c
Examining data/gretl-2020e/cephes/hyp2f1.c
Examining data/gretl-2020e/cephes/j0.c
Examining data/gretl-2020e/cephes/ndtr.c
Examining data/gretl-2020e/cephes/expx2.c
Examining data/gretl-2020e/cephes/incbet.c
Examining data/gretl-2020e/cephes/gdtr.c
Examining data/gretl-2020e/cephes/jv.c
Examining data/gretl-2020e/cephes/i1.c
Examining data/gretl-2020e/cephes/nbdtr.c
Examining data/gretl-2020e/cephes/btdtr.c
Examining data/gretl-2020e/cephes/igam.c
Examining data/gretl-2020e/cephes/const.c
Examining data/gretl-2020e/cephes/cbrt.c
Examining data/gretl-2020e/cephes/jn.c
Examining data/gretl-2020e/cephes/iv.c
Examining data/gretl-2020e/cephes/polevl.c
Examining data/gretl-2020e/cephes/unity.c
Examining data/gretl-2020e/cephes/cephes.h
Examining data/gretl-2020e/cephes/igami.c
Examining data/gretl-2020e/cephes/i0.c
Examining data/gretl-2020e/cephes/gamma.c
Examining data/gretl-2020e/cephes/incbi.c
Examining data/gretl-2020e/cephes/pdtr.c
Examining data/gretl-2020e/cephes/j1.c
Examining data/gretl-2020e/cephes/chbevl.c
Examining data/gretl-2020e/gui/filters.h
Examining data/gretl-2020e/gui/cmdstack.h
Examining data/gretl-2020e/gui/database.c
Examining data/gretl-2020e/gui/fncall.c
Examining data/gretl-2020e/gui/osx_env.c
Examining data/gretl-2020e/gui/join-gui.h
Examining data/gretl-2020e/gui/treeutils.h
Examining data/gretl-2020e/gui/graphics.h
Examining data/gretl-2020e/gui/calculator.c
Examining data/gretl-2020e/gui/fncall.h
Examining data/gretl-2020e/gui/fnsave.c
Examining data/gretl-2020e/gui/datafiles.h
Examining data/gretl-2020e/gui/gretl.c
Examining data/gretl-2020e/gui/settings.c
Examining data/gretl-2020e/gui/fnsave.h
Examining data/gretl-2020e/gui/gretlwin32.h
Examining data/gretl-2020e/gui/gfn_arglists.h
Examining data/gretl-2020e/gui/ssheet.h
Examining data/gretl-2020e/gui/graph_page.c
Examining data/gretl-2020e/gui/series_view.c
Examining data/gretl-2020e/gui/menustate.c
Examining data/gretl-2020e/gui/dlgutils.c
Examining data/gretl-2020e/gui/ssheet.c
Examining data/gretl-2020e/gui/textutil.c
Examining data/gretl-2020e/gui/gretl_ipc.h
Examining data/gretl-2020e/gui/clipboard.c
Examining data/gretl-2020e/gui/gretl.h
Examining data/gretl-2020e/gui/datawiz.c
Examining data/gretl-2020e/gui/dlgutils.h
Examining data/gretl-2020e/gui/mknews.c
Examining data/gretl-2020e/gui/textutil.h
Examining data/gretl-2020e/gui/guiprint.c
Examining data/gretl-2020e/gui/winstack.c
Examining data/gretl-2020e/gui/textbuf.c
Examining data/gretl-2020e/gui/database.h
Examining data/gretl-2020e/gui/graph_page.h
Examining data/gretl-2020e/gui/update.c
Examining data/gretl-2020e/gui/series_view.h
Examining data/gretl-2020e/gui/spinner.c
Examining data/gretl-2020e/gui/lagpref.c
Examining data/gretl-2020e/gui/varinfo.c
Examining data/gretl-2020e/gui/gui_utils.c
Examining data/gretl-2020e/gui/lib_private.h
Examining data/gretl-2020e/gui/gui_recode.c
Examining data/gretl-2020e/gui/gretlwin32.c
Examining data/gretl-2020e/gui/gretl_ipc.c
Examining data/gretl-2020e/gui/objectsave.h
Examining data/gretl-2020e/gui/fontfilter.h
Examining data/gretl-2020e/gui/callbacks.c
Examining data/gretl-2020e/gui/filelists.h
Examining data/gretl-2020e/gui/console.h
Examining data/gretl-2020e/gui/gpt_control.h
Examining data/gretl-2020e/gui/gpt_dialog.c
Examining data/gretl-2020e/gui/fontfilter.c
Examining data/gretl-2020e/gui/gpt_dialog.h
Examining data/gretl-2020e/gui/obsbutton.c
Examining data/gretl-2020e/gui/gui_recode.h
Examining data/gretl-2020e/gui/library.h
Examining data/gretl-2020e/gui/lagpref.h
Examining data/gretl-2020e/gui/filters.c
Examining data/gretl-2020e/gui/clipboard.h
Examining data/gretl-2020e/gui/textbuf.h
Examining data/gretl-2020e/gui/model_table.c
Examining data/gretl-2020e/gui/fileselect.c
Examining data/gretl-2020e/gui/session.h
Examining data/gretl-2020e/gui/gpt_control.c
Examining data/gretl-2020e/gui/spinner.h
Examining data/gretl-2020e/gui/helpfiles.c
Examining data/gretl-2020e/gui/gfn_arglists.c
Examining data/gretl-2020e/gui/dialogs.c
Examining data/gretl-2020e/gui/objectsave.c
Examining data/gretl-2020e/gui/treeutils.c
Examining data/gretl-2020e/gui/library.c
Examining data/gretl-2020e/gui/about.c
Examining data/gretl-2020e/gui/toolbar.c
Examining data/gretl-2020e/gui/menustate.h
Examining data/gretl-2020e/gui/gretltypes.h
Examining data/gretl-2020e/gui/model_table.h
Examining data/gretl-2020e/gui/gretl_enums.h
Examining data/gretl-2020e/gui/filelists.c
Examining data/gretl-2020e/gui/datafiles.c
Examining data/gretl-2020e/gui/session_xml.c
Examining data/gretl-2020e/gui/join-gui.c
Examining data/gretl-2020e/gui/callbacks.h
Examining data/gretl-2020e/gui/obsbutton.h
Examining data/gretl-2020e/gui/session.c
Examining data/gretl-2020e/gui/fileselect.h
Examining data/gretl-2020e/gui/settings.h
Examining data/gretl-2020e/gui/gtkfontselhack.h
Examining data/gretl-2020e/gui/tabwin.h
Examining data/gretl-2020e/gui/gppoints.h
Examining data/gretl-2020e/gui/cmdstack.c
Examining data/gretl-2020e/gui/guiprint.h
Examining data/gretl-2020e/gui/mklang.c
Examining data/gretl-2020e/gui/selector.c
Examining data/gretl-2020e/gui/gui_utils.h
Examining data/gretl-2020e/gui/winstack.h
Examining data/gretl-2020e/gui/dialogs.h
Examining data/gretl-2020e/gui/selector.h
Examining data/gretl-2020e/gui/graphics.c
Examining data/gretl-2020e/gui/toolbar.h
Examining data/gretl-2020e/gui/up_down.h
Examining data/gretl-2020e/gui/tabwin.c
Examining data/gretl-2020e/gui/arrows.h
Examining data/gretl-2020e/gui/gtkfontselhack.c
Examining data/gretl-2020e/gui/console.c
Examining data/gretl-2020e/gui/calculator.h
Examining data/gretl-2020e/gui/varinfo.h
Examining data/gretl-2020e/gui/datawiz.h
Examining data/gretl-2020e/gui/helpfiles.h
Examining data/gretl-2020e/doc/tex/extract_scripts.c
Examining data/gretl-2020e/dcmt/dc.h
Examining data/gretl-2020e/dcmt/dci.h
Examining data/gretl-2020e/dcmt/mt19937.h
Examining data/gretl-2020e/dcmt/seive.c
Examining data/gretl-2020e/dcmt/mt19937.c
Examining data/gretl-2020e/dcmt/eqdeg.c
Examining data/gretl-2020e/dcmt/genmtrand.c
Examining data/gretl-2020e/dcmt/prescr.c
Examining data/gretl-2020e/dcmt/check32.c
Examining data/gretl-2020e/lib/src/uservar.h
Examining data/gretl-2020e/lib/src/gretl_model.c
Examining data/gretl-2020e/lib/src/calendar.h
Examining data/gretl-2020e/lib/src/discrete.c
Examining data/gretl-2020e/lib/src/forecast.h
Examining data/gretl-2020e/lib/src/gretl_panel.h
Examining data/gretl-2020e/lib/src/addons_utils.h
Examining data/gretl-2020e/lib/src/libglue.h
Examining data/gretl-2020e/lib/src/graphing.h
Examining data/gretl-2020e/lib/src/gretl_cmatrix.c
Examining data/gretl-2020e/lib/src/gretl_xml.c
Examining data/gretl-2020e/lib/src/gretl_paths.h
Examining data/gretl-2020e/lib/src/boxplots.h
Examining data/gretl-2020e/lib/src/gretl_normal.h
Examining data/gretl-2020e/lib/src/dataset.h
Examining data/gretl-2020e/lib/src/gretl_www.h
Examining data/gretl-2020e/lib/src/genfuncs.h
Examining data/gretl-2020e/lib/src/varprint.h
Examining data/gretl-2020e/lib/src/var.c
Examining data/gretl-2020e/lib/src/dbwrite.c
Examining data/gretl-2020e/lib/src/pvalues.c
Examining data/gretl-2020e/lib/src/usermat.c
Examining data/gretl-2020e/lib/src/clapack_complex.h
Examining data/gretl-2020e/lib/src/kalman.h
Examining data/gretl-2020e/lib/src/genmpi.c
Examining data/gretl-2020e/lib/src/gretl_array.h
Examining data/gretl-2020e/lib/src/csvdata.h
Examining data/gretl-2020e/lib/src/missing.c
Examining data/gretl-2020e/lib/src/tsls.h
Examining data/gretl-2020e/lib/src/matrix_extra.h
Examining data/gretl-2020e/lib/src/gretl_mpi.c
Examining data/gretl-2020e/lib/src/compare.h
Examining data/gretl-2020e/lib/src/gretl_prn.h
Examining data/gretl-2020e/lib/src/gretl_win32.h
Examining data/gretl-2020e/lib/src/random.h
Examining data/gretl-2020e/lib/src/monte_carlo.c
Examining data/gretl-2020e/lib/src/objstack.h
Examining data/gretl-2020e/lib/src/objstack.c
Examining data/gretl-2020e/lib/src/dataio.c
Examining data/gretl-2020e/lib/src/genmain.c
Examining data/gretl-2020e/lib/src/dataio.h
Examining data/gretl-2020e/lib/src/flow_control.c
Examining data/gretl-2020e/lib/src/irfboot.c
Examining data/gretl-2020e/lib/src/estimate.h
Examining data/gretl-2020e/lib/src/gretl_midas.c
Examining data/gretl-2020e/lib/src/compat.c
Examining data/gretl-2020e/lib/src/dbwrite.h
Examining data/gretl-2020e/lib/src/gensyntax.c
Examining data/gretl-2020e/lib/src/gretl_prn.c
Examining data/gretl-2020e/lib/src/texprint.c
Examining data/gretl-2020e/lib/src/options.c
Examining data/gretl-2020e/lib/src/gretl_matrix.h
Examining data/gretl-2020e/lib/src/tokenize.c
Examining data/gretl-2020e/lib/src/random.c
Examining data/gretl-2020e/lib/src/clapack_double.h
Examining data/gretl-2020e/lib/src/libset.c
Examining data/gretl-2020e/lib/src/gretl_plot.c
Examining data/gretl-2020e/lib/src/dbread.c
Examining data/gretl-2020e/lib/src/gretl_mpi.h
Examining data/gretl-2020e/lib/src/bhhh_max.h
Examining data/gretl-2020e/lib/src/johansen.h
Examining data/gretl-2020e/lib/src/uservar_priv.h
Examining data/gretl-2020e/lib/src/modelprint.h
Examining data/gretl-2020e/lib/src/mspec_debug.c
Examining data/gretl-2020e/lib/src/gretl_panel.c
Examining data/gretl-2020e/lib/src/gretl_typemap.h
Examining data/gretl-2020e/lib/src/system.c
Examining data/gretl-2020e/lib/src/gretl_bfgs.h
Examining data/gretl-2020e/lib/src/gretl_list.h
Examining data/gretl-2020e/lib/src/printscan.h
Examining data/gretl-2020e/lib/src/plugins.c
Examining data/gretl-2020e/lib/src/calendar.c
Examining data/gretl-2020e/lib/src/gretl_zip.c
Examining data/gretl-2020e/lib/src/describe.c
Examining data/gretl-2020e/lib/src/gretl_list.c
Examining data/gretl-2020e/lib/src/gretl_intl.c
Examining data/gretl-2020e/lib/src/gretl_data_io.c
Examining data/gretl-2020e/lib/src/gretl_array.c
Examining data/gretl-2020e/lib/src/gretl_commands.c
Examining data/gretl-2020e/lib/src/modelprint.c
Examining data/gretl-2020e/lib/src/missing_private.h
Examining data/gretl-2020e/lib/src/kalman.c
Examining data/gretl-2020e/lib/src/forecast.c
Examining data/gretl-2020e/lib/src/gretl_utils.h
Examining data/gretl-2020e/lib/src/genmain.h
Examining data/gretl-2020e/lib/src/csvdata.c
Examining data/gretl-2020e/lib/src/estimate.c
Examining data/gretl-2020e/lib/src/texprint.h
Examining data/gretl-2020e/lib/src/gretl_www.c
Examining data/gretl-2020e/lib/src/matrix_extra.c
Examining data/gretl-2020e/lib/src/printscan.c
Examining data/gretl-2020e/lib/src/adf_kpss.c
Examining data/gretl-2020e/lib/src/varprint.c
Examining data/gretl-2020e/lib/src/gretl_string_table.h
Examining data/gretl-2020e/lib/src/geneval.c
Examining data/gretl-2020e/lib/src/gretl_win32.c
Examining data/gretl-2020e/lib/src/system.h
Examining data/gretl-2020e/lib/src/gretl_model.h
Examining data/gretl-2020e/lib/src/gretl_foreign.c
Examining data/gretl-2020e/lib/src/options.h
Examining data/gretl-2020e/lib/src/vartest.c
Examining data/gretl-2020e/lib/src/compare.c
Examining data/gretl-2020e/lib/src/gretl_errors.h
Examining data/gretl-2020e/lib/src/discrete.h
Examining data/gretl-2020e/lib/src/swap_bytes.h
Examining data/gretl-2020e/lib/src/gretl_bfgs.c
Examining data/gretl-2020e/lib/src/estim_private.h
Examining data/gretl-2020e/lib/src/gretl_foreign.h
Examining data/gretl-2020e/lib/src/gretl_intl.h
Examining data/gretl-2020e/lib/src/dbread.h
Examining data/gretl-2020e/lib/src/gretl_paths.c
Examining data/gretl-2020e/lib/src/gretl_help.c
Examining data/gretl-2020e/lib/src/interact.h
Examining data/gretl-2020e/lib/src/pvalues.h
Examining data/gretl-2020e/lib/src/genparse.h
Examining data/gretl-2020e/lib/src/cmd_private.h
Examining data/gretl-2020e/lib/src/flow_control.h
Examining data/gretl-2020e/lib/src/nls.c
Examining data/gretl-2020e/lib/src/printout.c
Examining data/gretl-2020e/lib/src/printout.h
Examining data/gretl-2020e/lib/src/uservar.c
Examining data/gretl-2020e/lib/src/gretl_utils.c
Examining data/gretl-2020e/lib/src/matrix_simd.c
Examining data/gretl-2020e/lib/src/gretl_restrict.h
Examining data/gretl-2020e/lib/src/gretl_untar.h
Examining data/gretl-2020e/lib/src/plugins.h
Examining data/gretl-2020e/lib/src/nls.h
Examining data/gretl-2020e/lib/src/libgretl.h
Examining data/gretl-2020e/lib/src/transforms.c
Examining data/gretl-2020e/lib/src/addons_utils.c
Examining data/gretl-2020e/lib/src/gretl_func.h
Examining data/gretl-2020e/lib/src/gretl_plot.h
Examining data/gretl-2020e/lib/src/gretl_normal.c
Examining data/gretl-2020e/lib/src/plotspec.h
Examining data/gretl-2020e/lib/src/gmm.c
Examining data/gretl-2020e/lib/src/gretl_cmatrix.h
Examining data/gretl-2020e/lib/src/gretl_typemap.c
Examining data/gretl-2020e/lib/src/nonparam.h
Examining data/gretl-2020e/lib/src/qr_estimate.c
Examining data/gretl-2020e/lib/src/gretl_zip.h
Examining data/gretl-2020e/lib/src/genr_optim.h
Examining data/gretl-2020e/lib/src/var.h
Examining data/gretl-2020e/lib/src/gretl_data_io.h
Examining data/gretl-2020e/lib/src/strutils.c
Examining data/gretl-2020e/lib/src/adf_kpss.h
Examining data/gretl-2020e/lib/src/libset.h
Examining data/gretl-2020e/lib/src/libglue.c
Examining data/gretl-2020e/lib/src/gretl_btree.h
Examining data/gretl-2020e/lib/src/nonparam.c
Examining data/gretl-2020e/lib/src/gretl_errors.c
Examining data/gretl-2020e/lib/src/version.h
Examining data/gretl-2020e/lib/src/genlex.c
Examining data/gretl-2020e/lib/src/usermat.h
Examining data/gretl-2020e/lib/src/gretl_help.h
Examining data/gretl-2020e/lib/src/gretl_untar.c
Examining data/gretl-2020e/lib/src/laginfo.c
Examining data/gretl-2020e/lib/src/gretl_string_table.c
Examining data/gretl-2020e/lib/src/dataset.c
Examining data/gretl-2020e/lib/src/qr_estimate.h
Examining data/gretl-2020e/lib/src/gretl_bundle.c
Examining data/gretl-2020e/lib/src/interact.c
Examining data/gretl-2020e/lib/src/dbnread.c
Examining data/gretl-2020e/lib/src/gretl_xml.h
Examining data/gretl-2020e/lib/src/bootstrap.h
Examining data/gretl-2020e/lib/src/bhhh_max.c
Examining data/gretl-2020e/lib/src/compat.h
Examining data/gretl-2020e/lib/src/nlspec.h
Examining data/gretl-2020e/lib/src/bootstrap.c
Examining data/gretl-2020e/lib/src/tsls.c
Examining data/gretl-2020e/lib/src/gretl_btree.c
Examining data/gretl-2020e/lib/src/plotspec.c
Examining data/gretl-2020e/lib/src/transforms.h
Examining data/gretl-2020e/lib/src/genfuncs.c
Examining data/gretl-2020e/lib/src/strutils.h
Examining data/gretl-2020e/lib/src/subsample.h
Examining data/gretl-2020e/lib/src/subsample.c
Examining data/gretl-2020e/lib/src/monte_carlo.h
Examining data/gretl-2020e/lib/src/describe.h
Examining data/gretl-2020e/lib/src/gretl_commands.h
Examining data/gretl-2020e/lib/src/gretl_midas.h
Examining data/gretl-2020e/lib/src/gretl_f2c.h
Examining data/gretl-2020e/lib/src/gretl_bundle.h
Examining data/gretl-2020e/lib/src/graphing.c
Examining data/gretl-2020e/lib/src/gretl_func.c
Examining data/gretl-2020e/lib/src/poisson.h
Examining data/gretl-2020e/lib/src/missing.h
Examining data/gretl-2020e/lib/src/vartest.h
Examining data/gretl-2020e/lib/src/boxplots.c
Examining data/gretl-2020e/lib/src/gretl_matrix.c
Examining data/gretl-2020e/lib/src/gretl_restrict.c
Examining data/gretl-2020e/minpack/lbfgsb.c
Examining data/gretl-2020e/minpack/lmdif.c
Examining data/gretl-2020e/minpack/qrsolv.c
Examining data/gretl-2020e/minpack/qrfac.c
Examining data/gretl-2020e/minpack/minpack.h
Examining data/gretl-2020e/minpack/enorm.c
Examining data/gretl-2020e/minpack/fdjac2.c
Examining data/gretl-2020e/minpack/lmpar.c
Examining data/gretl-2020e/minpack/lmder.c
Examining data/gretl-2020e/builddate.c
Examining data/gretl-2020e/utils/dbzip/gretlzip.c
Examining data/gretl-2020e/utils/FRED/fred2db.c
Examining data/gretl-2020e/utils/FRB/frb2db.c
Examining data/gretl-2020e/utils/scriptfix/scriptfix.c
Examining data/gretl-2020e/extra/nls_example.c
Examining data/gretl-2020e/extra/arma_example.c
Examining data/gretl-2020e/extra/simple_client.c
Examining data/gretl-2020e/share/bcih/mkbin.c
Examining data/gretl-2020e/cli/gretlcli.c
Examining data/gretl-2020e/cli/complete.c
Examining data/gretl-2020e/cli/cli_object.c
Examining data/gretl-2020e/cli/gretlcli-mpi.c
Examining data/gretl-2020e/rng/SFMT.c
Examining data/gretl-2020e/rng/SFMT-sse2.h
Examining data/gretl-2020e/rng/SFMT-params.h
Examining data/gretl-2020e/rng/SFMT-params19937.h
Examining data/gretl-2020e/rng/SFMT-common.h
Examining data/gretl-2020e/rng/SFMT.h
Examining data/gretl-2020e/addons/gfnstrings.c
Examining data/gretl-2020e/addons/gfnindex.c
Examining data/gretl-2020e/tests/nistcheck.c
Examining data/gretl-2020e/tests/nist-nls/nist-nls-test.c
Examining data/gretl-2020e/tests/rng/gretltest.c

FINAL RESULTS:

data/gretl-2020e/cli/gretlcli-mpi.c:107:6:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
	    strncat(fname, s, MAXLEN - 1);
data/gretl-2020e/cli/gretlcli-mpi.c:195:2:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
	strncat(linebak, line, MAXLINE-1);
data/gretl-2020e/cli/gretlcli.c:129:6:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
	    strncat(fname, s, MAXLEN - 1);
data/gretl-2020e/cli/gretlcli.c:253:2:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
	strncat(linebak, line, MAXLINE-1);
data/gretl-2020e/gui/cmdstack.c:294:6:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
	    strncat(buf, p, TESTLEN - 1);
data/gretl-2020e/gui/database.c:1844:2:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
	strncat(sinfo->varname, tmp, VNAMELEN - 1);
data/gretl-2020e/gui/database.c:1906:6:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
	    strncat(sinfo->stobs, stobs, OBSLEN - 1);
data/gretl-2020e/gui/database.c:1907:6:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
	    strncat(sinfo->endobs, endobs, OBSLEN - 1);
data/gretl-2020e/gui/datawiz.c:164:5:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
    strncat(dataset->varname[1], buf, VNAMELEN - 1);
data/gretl-2020e/gui/dialogs.c:5910:9:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
        strncat(h->targ, s, VNAMELEN - 1);
data/gretl-2020e/gui/filelists.c:391:2:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
	strncat(fullname, fname, FILENAME_MAX-1);
data/gretl-2020e/gui/fileselect.c:613:5:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
    strncat(fname, in_fname, FILENAME_MAX - 1);
data/gretl-2020e/gui/fncall.c:1884:6:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
	    strncat(auxname, cinfo->args[i], VNAMELEN);
data/gretl-2020e/gui/gpt_control.c:1694:6:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
	    strncat(spec->labels[i].text, text, PLOT_LABEL_TEXT_LEN);
data/gretl-2020e/gui/gpt_control.c:2205:2:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
	strncat(spec->xvarname, val, MAXDISP-1);
data/gretl-2020e/gui/gpt_control.c:2209:2:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
	strncat(spec->yvarname, val, MAXDISP-1);
data/gretl-2020e/gui/gpt_dialog.c:857:5:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
    strncat(user_barsfile, fname, FILENAME_MAX-1);
data/gretl-2020e/gui/gpt_dialog.c:2167:5:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
    strncat(tmp, s, GP_MAXFORMULA - 1);
data/gretl-2020e/gui/gretl.c:192:5:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
    strncat(tryfile, fname, MAXLEN - 1);
data/gretl-2020e/gui/gretl.c:666:3:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
		strncat(filearg, argv_u8[1], MAXLEN - 1);
data/gretl-2020e/gui/gretl.c:771:2:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
	strncat(auxname, optdb, MAXLEN - 1);
data/gretl-2020e/gui/gretl.c:774:2:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
	strncat(auxname, optwebdb, MAXLEN - 1);
data/gretl-2020e/gui/gretl.c:776:2:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
	strncat(auxname, optpkg, MAXLEN - 1);
data/gretl-2020e/gui/gretl.c:817:2:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
	strncat(filearg, argv[1], MAXLEN - 1);
data/gretl-2020e/gui/gretl.c:2252:5:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
    strncat(lname, buf, VNAMELEN - 1);
data/gretl-2020e/gui/gretlwin32.c:169:2:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
	strncat(Rcommand, tmp, MAXSTR - 1);
data/gretl-2020e/gui/gui_utils.c:4979:2:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
	strncat(vname, key, VNAMELEN - 1);
data/gretl-2020e/gui/gui_utils.c:5598:2:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
	strncat(namebit, name, VNAMELEN - 1);
data/gretl-2020e/gui/library.c:172:5:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
    strncat(libline, s, MAXLINE - 1);
data/gretl-2020e/gui/library.c:4019:6:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
	    strncat(realline, tmp, MAXLINE - 1);
data/gretl-2020e/gui/library.c:6691:2:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
	strncat(descrip, note, MAXLABEL - 1);
data/gretl-2020e/gui/session.c:388:2:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
	strncat(text->name, tname, MAXSAVENAME - 1);
data/gretl-2020e/gui/session.c:444:2:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
	strncat(graph->name, grname, MAXSAVENAME - 1);
data/gretl-2020e/gui/session.c:449:2:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
	strncat(graph->fname, fname, MAXLEN - 1);
data/gretl-2020e/gui/session.c:718:2:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
	strncat(tname, title + 7, MAXSAVENAME - 1);
data/gretl-2020e/gui/session.c:2626:6:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
	    strncat(session.graphs[i]->name, newname, MAXSAVENAME - 1);
data/gretl-2020e/gui/session.c:2661:6:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
	    strncat(sm->name, newname, MAXSAVENAME - 1);
data/gretl-2020e/gui/session.c:2695:6:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
	    strncat(st->name, newname, MAXSAVENAME - 1);
data/gretl-2020e/gui/settings.c:2496:3:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
		strncat(linevar, line + strlen(key) + 3, MAXLEN-1);
data/gretl-2020e/gui/ssheet.c:970:5:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
    strncat(varname, buf, VNAMELEN - 1);
data/gretl-2020e/gui/ssheet.c:989:5:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
    strncat(obsmarker, buf, OBSLEN - 1);
data/gretl-2020e/gui/ssheet.c:1666:2:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
	strncat(newname, buf, VNAMELEN - 1);
data/gretl-2020e/gui/ssheet.c:3900:2:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
	strncat(s->name, name, VNAMELEN - 1);
data/gretl-2020e/gui/textbuf.c:1642:2:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
	strncat(tagname, text, TAGLEN-1);
data/gretl-2020e/gui/textbuf.c:1647:2:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
	strncat(tagname, text, TAGLEN-1);
data/gretl-2020e/gui/varinfo.c:409:2:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
	strncat(nset->descrip, s, MAXLABEL - 1);
data/gretl-2020e/lib/src/boxplots.c:1382:7:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
		    strncat(grp->plots[i++].varname, label, VNAMELEN-1);
data/gretl-2020e/lib/src/csvdata.c:863:6:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
	    strncat(bad, label, OBSLEN-1);
data/gretl-2020e/lib/src/csvdata.c:868:6:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
	    strncat(bad, label, OBSLEN-1);
data/gretl-2020e/lib/src/csvdata.c:1959:5:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
    strncat(tmp, s, VNAMELEN - 1);
data/gretl-2020e/lib/src/csvdata.c:2828:6:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
	    strncat(vname, s, VNAMELEN - 1);
data/gretl-2020e/lib/src/csvdata.c:5616:6:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
	    strncat(tkeyname, s, VNAMELEN - 1);
data/gretl-2020e/lib/src/csvdata.c:5653:2:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
	strncat(name1, s, VNAMELEN - 1);
data/gretl-2020e/lib/src/csvdata.c:6673:2:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
	strncat(tmp, jspec->mdsbase, VNAMELEN - 1);
data/gretl-2020e/lib/src/dataio.c:412:6:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
	    strncat(tmp, date, OBSLEN-1);
data/gretl-2020e/lib/src/dataio.c:425:3:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
		strncat(tmp, dset->stobs, OBSLEN-1);
data/gretl-2020e/lib/src/dataio.c:2536:7:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
		    strncat(S[i], marker, OBSLEN - 1);
data/gretl-2020e/lib/src/dataio.c:2562:3:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
		strncat(S[t], marker, OBSLEN - 1);
data/gretl-2020e/lib/src/dataio.c:3618:6:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
	    strncat(targ, dset->S[t], VNAMELEN - 1);
data/gretl-2020e/lib/src/dataset.c:1770:2:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
	strncat(dset->varname[v], name, VNAMELEN-1);
data/gretl-2020e/lib/src/dataset.c:2969:2:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
	strncat(targ, s, MAXDISP - 1);
data/gretl-2020e/lib/src/dataset.c:4037:2:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
	strncat(targ, s, MAXDISP-1);
data/gretl-2020e/lib/src/dbread.c:366:2:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
	strncat(sinfo->stobs, stobs, OBSLEN-1);
data/gretl-2020e/lib/src/dbread.c:367:2:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
	strncat(sinfo->endobs, endobs, OBSLEN-1);
data/gretl-2020e/lib/src/dbread.c:852:5:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
    strncat(sinfo->varname, varname, VNAMELEN - 1);
data/gretl-2020e/lib/src/dbread.c:1684:2:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
	strncat(saved_db_name, fname, MAXLEN - 1);
data/gretl-2020e/lib/src/forecast.c:3186:2:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
	strncat(vname, vstr, VNAMELEN - 1);
data/gretl-2020e/lib/src/genfuncs.c:3916:5:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
    strncat(test, (*s == '"')? s + 1 : s, OBSLEN - 1);
data/gretl-2020e/lib/src/graphing.c:7421:3:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
		strncat(gset->varname[i+1], sval, VNAMELEN-1);
data/gretl-2020e/lib/src/gretl_errors.c:309:2:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
	strncat(gretl_errmsg, str, ERRLEN - 1);
data/gretl-2020e/lib/src/gretl_errors.c:368:2:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
	strncat(gretl_errmsg, str, ERRLEN - 1);
data/gretl-2020e/lib/src/gretl_errors.c:382:5:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
    strncat(gretl_warnmsg, str, ERRLEN - 1);
data/gretl-2020e/lib/src/gretl_func.c:1559:2:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
	strncat(fun->name, fname, FN_NAMELEN - 1);
data/gretl-2020e/lib/src/gretl_func.c:2048:5:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
    strncat(fun->name, tmp, FN_NAMELEN - 1);
data/gretl-2020e/lib/src/gretl_func.c:5454:5:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
    strncat(pkg->name, tmp, FN_NAMELEN - 1);
data/gretl-2020e/lib/src/gretl_model.c:868:2:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
	strncat(cs->str, s, CSLEN - 1);
data/gretl-2020e/lib/src/gretl_model.c:6522:6:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
	    strncat(pmod->params[i], name, PNAMELEN - 1);
data/gretl-2020e/lib/src/gretl_model.c:6946:2:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
	strncat(pmod->name, name, MAXSAVENAME - 1);
data/gretl-2020e/lib/src/gretl_paths.c:1928:5:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
    strncat(fullname, fname, MAXLEN - 1);
data/gretl-2020e/lib/src/gretl_paths.c:2149:2:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
	strncat(s, paths.tramo, MAXLEN - 1);
data/gretl-2020e/lib/src/gretl_paths.c:2441:2:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
	strncat(targ, tmp, MAXLEN - 1);
data/gretl-2020e/lib/src/gretl_paths.c:2646:2:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
	strncat(paths.gretldir, pkgdir, MAXLEN - 1);
data/gretl-2020e/lib/src/gretl_paths.c:2727:7:  [5] (race) readlink:
  This accepts filename arguments; if an attacker can move those files or
  change the link content, a race condition results. Also, it does not
  terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
	nr = readlink(proc_exe, testname, FILENAME_MAX - 1);
data/gretl-2020e/lib/src/gretl_paths.c:3626:2:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
	strncat(val, line + strlen(key) + 3, MAXLEN - 1);
data/gretl-2020e/lib/src/gretl_paths.c:3629:6:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
	    strncat(cpaths->gretldir, val, MAXLEN - 1);
data/gretl-2020e/lib/src/gretl_paths.c:3632:6:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
	    strncat(cpaths->gnuplot, val, MAXLEN - 1);
data/gretl-2020e/lib/src/gretl_paths.c:3636:6:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
	    strncat(cpaths->workdir, val, MAXLEN - 1);
data/gretl-2020e/lib/src/gretl_paths.c:3652:6:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
	    strncat(dbproxy, val, PROXLEN - 1);
data/gretl-2020e/lib/src/gretl_paths.c:3656:6:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
	    strncat(cpaths->x12a, val, MAXLEN - 1);
data/gretl-2020e/lib/src/gretl_paths.c:3658:6:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
	    strncat(cpaths->tramo, val, MAXLEN - 1);
data/gretl-2020e/lib/src/gretl_paths.c:3660:6:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
	    strncat(cpaths->rbinpath, val, MAXLEN - 1);
data/gretl-2020e/lib/src/gretl_paths.c:3662:6:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
	    strncat(cpaths->rlibpath, val, MAXLEN - 1);
data/gretl-2020e/lib/src/gretl_paths.c:3664:6:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
	    strncat(cpaths->oxlpath, val, MAXLEN - 1);
data/gretl-2020e/lib/src/gretl_paths.c:3666:6:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
	    strncat(cpaths->octpath, val, MAXLEN - 1);
data/gretl-2020e/lib/src/gretl_paths.c:3668:6:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
	    strncat(cpaths->statapath, val, MAXLEN - 1);
data/gretl-2020e/lib/src/gretl_paths.c:3670:6:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
	    strncat(cpaths->pypath, val, MAXLEN - 1);
data/gretl-2020e/lib/src/gretl_paths.c:3672:6:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
	    strncat(cpaths->jlpath, val, MAXLEN - 1);
data/gretl-2020e/lib/src/gretl_paths.c:3674:6:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
	    strncat(cpaths->mpiexec, val, MAXLEN - 1);
data/gretl-2020e/lib/src/gretl_paths.c:3676:6:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
	    strncat(cpaths->mpi_hosts, val, MAXLEN - 1);
data/gretl-2020e/lib/src/gretl_paths.c:3716:2:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
	strncat(rcfile, path, FILENAME_MAX - 1);
data/gretl-2020e/lib/src/gretl_restrict.c:1024:2:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
	strncat(test, s, VNAMELEN - 1);
data/gretl-2020e/lib/src/gretl_string_table.c:1101:2:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
	strncat(fullname, fname, FILENAME_MAX - 1);
data/gretl-2020e/lib/src/gretl_untar.c:167:7:  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchmod( ) instead.
		    chmod(fname, tarmode);
data/gretl-2020e/lib/src/gretl_utils.c:1001:5:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
    strncat(stobs, stobs_in, OBSLEN - 1);
data/gretl-2020e/lib/src/gretl_win32.c:145:5:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
    strncat(netfile, pkgdir, FILENAME_MAX-1);
data/gretl-2020e/lib/src/gretl_www.c:146:5:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
    strncat(u->url, url, URLLEN - 1);
data/gretl-2020e/lib/src/gretl_www.c:661:2:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
	strncat(dbhost, host, DBHLEN - 1);
data/gretl-2020e/lib/src/gretl_www.c:668:2:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
	strncat(proxyhost, proxy, sizeof proxyhost - 1);
data/gretl-2020e/lib/src/gretl_xml.c:3656:2:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
	strncat(obstr, (char *) tmp, OBSLEN - 1);
data/gretl-2020e/lib/src/gretl_xml.c:3686:6:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
	    strncat(stobs, obstr, OBSLEN - 1);
data/gretl-2020e/lib/src/gretl_xml.c:3705:2:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
	strncat(obstr, (char *) tmp, OBSLEN - 1);
data/gretl-2020e/lib/src/gretl_xml.c:3733:6:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
	    strncat(endobs, obstr, OBSLEN - 1);
data/gretl-2020e/lib/src/interact.c:497:2:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
	strncat(tmp, p, SAFELEN - 1);
data/gretl-2020e/lib/src/interact.c:600:6:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
	    strncat(buf, p, TESTLEN - 1);
data/gretl-2020e/lib/src/interact.c:857:6:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
	    strncat(buf, p, TESTLEN - 1);
data/gretl-2020e/lib/src/interact.c:1958:2:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
	strncat(newfile, cmd->param, MAXLEN - 1);
data/gretl-2020e/lib/src/libset.c:1471:2:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
	strncat(workdir, s, MAXLEN - 1);
data/gretl-2020e/lib/src/matrix_extra.c:814:2:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
	strncat(targ, p, VNAMELEN-1);
data/gretl-2020e/lib/src/matrix_extra.c:941:6:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
	    strncat(dset->S[t], rnames[t], OBSLEN-1);
data/gretl-2020e/lib/src/modelprint.c:4344:6:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
	    strncat(mc.name, names[i], MC_NAMELEN - 1);
data/gretl-2020e/lib/src/monte_carlo.c:833:6:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
	    strncat(clr->vname, s, VNAMELEN - 1);
data/gretl-2020e/lib/src/monte_carlo.c:841:6:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
	    strncat(clr->vname, s, VNAMELEN - 1);
data/gretl-2020e/lib/src/monte_carlo.c:1180:2:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
	strncat(loop->eachname, s, VNAMELEN - 1);
data/gretl-2020e/lib/src/monte_carlo.c:1207:2:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
	strncat(loop->eachname, s, VNAMELEN - 1);
data/gretl-2020e/lib/src/nls.c:656:5:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
    strncat(p->name, name, VNAMELEN - 1);
data/gretl-2020e/lib/src/nls.c:3099:2:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
	strncat(spec->lhname, vname, VNAMELEN - 1);
data/gretl-2020e/lib/src/printscan.c:1448:3:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
		strncat(dset->S[t], buf, OBSLEN - 1);
data/gretl-2020e/lib/src/subsample.c:997:5:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
    strncat(formula, s, MAXLINE - 1);
data/gretl-2020e/lib/src/system.c:2366:2:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
	strncat(sys->name, name, MAXSAVENAME - 1);
data/gretl-2020e/lib/src/uservar.c:99:2:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
	strncat(u->name, name, VNAMELEN - 1);
data/gretl-2020e/lib/src/uservar.c:801:2:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
	strncat(uvar->name, name, VNAMELEN - 1);
data/gretl-2020e/lib/src/uservar.c:1737:2:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
	strncat(key, p + 1, VNAMELEN - 1);
data/gretl-2020e/lib/src/var.c:3423:2:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
	strncat(var->name, name, MAXSAVENAME - 1);
data/gretl-2020e/plugin/eviews_import.c:297:2:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
	strncat(dset->varname[j], vname, VNAMELEN - 1);
data/gretl-2020e/plugin/eviews_import.c:460:6:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
	    strncat(dset->stobs, tmp, OBSLEN-1);
data/gretl-2020e/plugin/excel_import.c:1393:6:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
	    strncat(dset->varname[j], xi->rows[roff].cells[i] + 1,
data/gretl-2020e/plugin/gnumeric_import.c:432:7:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
		    strncat(sheet->dset->varname[real_i], tmp, VNAMELEN - 1);
data/gretl-2020e/plugin/import_common.c:79:2:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
	strncat(tmp, vname, VNAMELEN - 1);
data/gretl-2020e/plugin/import_common.c:92:6:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
	    strncat(vname, s, VNAMELEN - 1);
data/gretl-2020e/plugin/import_common.c:352:2:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
	strncat(newset->S[t], s, OBSLEN - 1);
data/gretl-2020e/plugin/ods_import.c:532:3:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
		strncat(sheet->dset->varname[v], val, VNAMELEN - 1);
data/gretl-2020e/plugin/spss_import.c:423:5:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
    strncat(vname, s, VNAMELEN - 1);
data/gretl-2020e/plugin/stata_import.c:1102:2:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
	strncat(dset->varname[v], buf, VNAMELEN - 1);
data/gretl-2020e/plugin/vif.c:134:7:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
		    strncat(tmp, si, NAMEWIDTH - 1);
data/gretl-2020e/plugin/xlsx_import.c:341:6:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
	    strncat(xinfo->dset->varname[i], s, VNAMELEN - 1);
data/gretl-2020e/plugin/zipunzip/zipfile.c:564:4:  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchmod( ) instead.
			chmod(s[i]->name, attr);
data/gretl-2020e/plugin/zipunzip/zipmain.c:687:6:  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchmod( ) instead.
	    chmod(zf.fname, attr);
data/gretl-2020e/plugin/zipunzip/zipmain.c:1121:6:  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchmod( ) instead.
	    chmod(zf->fname, attr);
data/gretl-2020e/plugin/zipunzip/zipwork.c:817:6:  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchmod( ) instead.
	    chmod(z->name, attr);
data/gretl-2020e/plugin/zipunzip/zsystem.c:43:5:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
    strncat(tmp, fname, FNMAX - 1);
data/gretl-2020e/plugin/zipunzip/zunz_private.h:258:30:  [5] (race) readlink:
  This accepts filename arguments; if an attacker can move those files or
  change the link content, a race condition results. Also, it does not
  terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
# define read_symlink(p,b,n) readlink(p,b,n)
data/gretl-2020e/utils/FRED/fred2db.c:392:6:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
	    strncat(fb->sername, (const char *) idstr, MAXNAME - 1);
data/gretl-2020e/utils/FRED/fred2db.c:393:6:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
	    strncat(fb->stobs, (const char *) start, OBSLEN - 1);
data/gretl-2020e/utils/dbzip/gretlzip.c:382:2:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
	strncat(outname, argv[filearg + 1], MAXLEN-1);
data/gretl-2020e/addons/gfnindex.c:12:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(fname, "./%s/%s.xml", pkg, pkg);
data/gretl-2020e/addons/gfnstrings.c:10:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(fname, "./%s/%s-i18n.c", pkg, pkg);
data/gretl-2020e/cli/cli_object.c:61:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(objname, word);
data/gretl-2020e/cli/complete.c:36:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(r, s);
data/gretl-2020e/cli/gretlcli-mpi.c:306:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat(line, tmp);
data/gretl-2020e/cli/gretlcli-mpi.c:419:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(runfile, filearg);
data/gretl-2020e/cli/gretlcli-mpi.c:469:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(line, "run \"%s\"", runfile);
data/gretl-2020e/cli/gretlcli-mpi.c:471:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(line, "run %s", runfile);
data/gretl-2020e/cli/gretlcli-mpi.c:524:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(linecopy, line);
data/gretl-2020e/cli/gretlcli-mpi.c:952:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(s->runfile, runfile);
data/gretl-2020e/cli/gretlcli-mpi.c:954:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(s->runfile, runfile);
data/gretl-2020e/cli/gretlcli.c:417:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(tmp, line_read);
data/gretl-2020e/cli/gretlcli.c:428:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat(line, tmp);
data/gretl-2020e/cli/gretlcli.c:461:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(s, tmp);
data/gretl-2020e/cli/gretlcli.c:528:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(given_file, filearg);
data/gretl-2020e/cli/gretlcli.c:529:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(datafile, filearg);
data/gretl-2020e/cli/gretlcli.c:563:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(runfile, datafile);
data/gretl-2020e/cli/gretlcli.c:670:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(runfile, filearg);
data/gretl-2020e/cli/gretlcli.c:732:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(cmdfile, gretl_workdir());
data/gretl-2020e/cli/gretlcli.c:790:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(line, "run \"%s\"", runfile);
data/gretl-2020e/cli/gretlcli.c:792:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(line, "run %s", runfile);
data/gretl-2020e/cli/gretlcli.c:856:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(linecopy, line);
data/gretl-2020e/cli/gretlcli.c:873:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(line, "makepkg %s\n", filearg);
data/gretl-2020e/cli/gretlcli.c:877:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(line, "pkg install %s --local\n", filearg);
data/gretl-2020e/cli/gretlcli.c:880:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(line, "pkg install %s\n", filearg);
data/gretl-2020e/cli/gretlcli.c:1106:8:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
	err = system(syscmd);
data/gretl-2020e/cli/gretlcli.c:1110:8:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
	err = system(syscmd);
data/gretl-2020e/cli/gretlcli.c:1395:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(s->runfile, runfile);
data/gretl-2020e/gui/calculator.c:497:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(targ, "t,%s(t,df%d)", (alt)? "bigchi" : "chi", k);
data/gretl-2020e/gui/calculator.c:894:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(spec->lines[i].title, title);
data/gretl-2020e/gui/callbacks.c:530:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(title, (ci == LOESS)? _("Loess") : _("Nadaraya-Watson"));
data/gretl-2020e/gui/clipboard.c:197:16:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    FILE *fp = popen("/usr/bin/pbcopy", "w");
data/gretl-2020e/gui/cmdstack.c:225:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(logname, fname);
data/gretl-2020e/gui/cmdstack.c:484:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(logname, tmp);
data/gretl-2020e/gui/console.c:505:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(targ, src);
data/gretl-2020e/gui/database.c:119:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(orig, conv);
data/gretl-2020e/gui/database.c:634:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(dataset->varname[dbv], dbset->varname[1]);
data/gretl-2020e/gui/database.c:766:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(dataset->varname[dbv], sinfo->varname);
data/gretl-2020e/gui/database.c:806:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(dataset->varname[i], sinfo->varname);
data/gretl-2020e/gui/database.c:952:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(stobs, sinfo->stobs);
data/gretl-2020e/gui/database.c:959:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(endobs, sinfo->endobs);
data/gretl-2020e/gui/database.c:995:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(dset->stobs, stobs);
data/gretl-2020e/gui/database.c:996:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(dset->endobs, endobs);
data/gretl-2020e/gui/database.c:1050:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(dbset->varname[i+1], sinfo->varname);
data/gretl-2020e/gui/database.c:1209:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(testname, fname);
data/gretl-2020e/gui/database.c:1305:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(vwin->fname, fname);
data/gretl-2020e/gui/database.c:1432:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(dbidx, vwin->fname);
data/gretl-2020e/gui/database.c:1896:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(sinfo->stobs, q + 2);
data/gretl-2020e/gui/database.c:1901:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(sinfo->endobs, q + 2);
data/gretl-2020e/gui/database.c:2597:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(dbpath, target);
data/gretl-2020e/gui/database.c:2641:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(targ, gs->str);
data/gretl-2020e/gui/database.c:2661:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(targ, objname);
data/gretl-2020e/gui/database.c:2662:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(targ, ext);
data/gretl-2020e/gui/database.c:3011:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(idxname, fullname);
data/gretl-2020e/gui/database.c:3053:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(idxname, binname);
data/gretl-2020e/gui/database.c:3059:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(idxtmp, idxname);
data/gretl-2020e/gui/database.c:3374:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(srcbak, src);
data/gretl-2020e/gui/database.c:3957:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(basename, fname);
data/gretl-2020e/gui/database.c:3963:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(fname, "%s%c%s.gfn", basename, SLASH, basename);
data/gretl-2020e/gui/database.c:4285:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(dbset->varname[1], vname);
data/gretl-2020e/gui/datafiles.c:130:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(fpath, "%s%s", s1, s2);
data/gretl-2020e/gui/datafiles.c:132:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(fpath, "%s%c%s", s1, SLASH, s2);
data/gretl-2020e/gui/datafiles.c:968:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(vwin->fname, path);
data/gretl-2020e/gui/datafiles.c:1143:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(path, pkgname);
data/gretl-2020e/gui/datafiles.c:1982:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(hname, s);
data/gretl-2020e/gui/datafiles.c:2600:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat(fullname, SLASHSTR);
data/gretl-2020e/gui/datafiles.c:2601:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat(fullname, basename);
data/gretl-2020e/gui/datawiz.c:135:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(dwinfo->stobs, dataset->stobs);
data/gretl-2020e/gui/datawiz.c:136:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(dwinfo->endobs, dataset->endobs);
data/gretl-2020e/gui/datawiz.c:575:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(ctxt, _("%s, observations 1 to %d"), _("Cross-sectional data"),
data/gretl-2020e/gui/datawiz.c:591:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(ctxt, _("%s, %s to %s"), tslabel, stobs, endobs);
data/gretl-2020e/gui/datawiz.c:593:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(ctxt, _("Panel data (%s)\n"
data/gretl-2020e/gui/datawiz.c:600:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(ctxt, _("Panel data (%s)\n"
data/gretl-2020e/gui/datawiz.c:1053:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(vtest, vname);
data/gretl-2020e/gui/dialogs.c:1332:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(listname, active);
data/gretl-2020e/gui/dialogs.c:1352:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(listname, (char *) llist->data);
data/gretl-2020e/gui/dialogs.c:1669:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(s1, gtk_entry_get_text(GTK_ENTRY(button)));
data/gretl-2020e/gui/dialogs.c:1673:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(s2, gtk_entry_get_text(GTK_ENTRY(button)));
data/gretl-2020e/gui/dialogs.c:2402:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(s1, obs_button_get_string(rset->spin1));
data/gretl-2020e/gui/dialogs.c:2403:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(s2, obs_button_get_string(rset->spin2));
data/gretl-2020e/gui/dialogs.c:5454:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(msg, err);
data/gretl-2020e/gui/dialogs.c:5471:5:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    vsnprintf(msg, MAXLEN, template, args);
data/gretl-2020e/gui/dialogs.c:5487:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(msg, info);
data/gretl-2020e/gui/dialogs.c:5499:5:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    vsnprintf(msg, MAXLEN, template, args);
data/gretl-2020e/gui/dialogs.c:5515:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(msg, warn);
data/gretl-2020e/gui/dialogs.c:5527:5:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    vsnprintf(msg, MAXLEN, template, args);
data/gretl-2020e/gui/dialogs.c:5571:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(name, txt);
data/gretl-2020e/gui/dialogs.c:5711:17:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
                strcat(fmt, bit);
data/gretl-2020e/gui/filelists.c:142:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(datalist[i], fname);
data/gretl-2020e/gui/filelists.c:144:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(sessionlist[i], fname);
data/gretl-2020e/gui/filelists.c:146:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(scriptlist[i], fname);
data/gretl-2020e/gui/filelists.c:148:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(gfnlist[i], fname);
data/gretl-2020e/gui/filelists.c:150:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(wdirlist[i], fname);
data/gretl-2020e/gui/filelists.c:173:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(line, prev);
data/gretl-2020e/gui/filelists.c:365:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(fullname, cwd);
data/gretl-2020e/gui/filelists.c:367:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(fullname, fname);
data/gretl-2020e/gui/filelists.c:402:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(fname, fullname);
data/gretl-2020e/gui/filelists.c:439:17:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                strcpy(filep[i], fullname);
data/gretl-2020e/gui/filelists.c:447:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(filep[pos], fullname);
data/gretl-2020e/gui/filelists.c:509:5:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
    sscanf(s, "%s %d", ftype, &i);
data/gretl-2020e/gui/fileselect.c:198:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat(fname, ext);
data/gretl-2020e/gui/fileselect.c:200:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat(fname, ext);
data/gretl-2020e/gui/fileselect.c:214:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(vwin->fname, fname);
data/gretl-2020e/gui/fileselect.c:331:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(scriptfile, fname);
data/gretl-2020e/gui/fileselect.c:406:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(scriptfile, fname);
data/gretl-2020e/gui/fileselect.c:468:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(scriptfile, fname);
data/gretl-2020e/gui/fileselect.c:490:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(scriptfile, fname);
data/gretl-2020e/gui/fileselect.c:567:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(sfx, test);
data/gretl-2020e/gui/fileselect.c:749:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(suffix, "*%s", ext);
data/gretl-2020e/gui/fileselect.c:761:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(tmp, s);
data/gretl-2020e/gui/fileselect.c:1070:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(savedir, folder);
data/gretl-2020e/gui/fileselect.c:1211:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(startdir, dirname);
data/gretl-2020e/gui/fileselect.c:1213:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(startdir, savedir);
data/gretl-2020e/gui/fileselect.c:1216:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(startdir, alt_gfndir);
data/gretl-2020e/gui/fileselect.c:1290:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(alt_gfndir, fname);
data/gretl-2020e/gui/filters.c:184:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(targ, (i == 0)? "ma_" : "mc_");
data/gretl-2020e/gui/filters.c:186:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(targ, (i == 0)? "ema_" : "emc_");
data/gretl-2020e/gui/filters.c:188:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(targ, (i == 0)? "hpt_" : "hp_");
data/gretl-2020e/gui/filters.c:192:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(targ, (i == 0)? "bt_" : "bc_");
data/gretl-2020e/gui/filters.c:194:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(targ, (i == 0)? "pt_" : "pc_");
data/gretl-2020e/gui/filters.c:211:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(s, _("Centered %d-period moving average of %s"),
data/gretl-2020e/gui/filters.c:214:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(s, _("%d-period moving average of %s"),
data/gretl-2020e/gui/filters.c:218:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(s, _("Residual from %d-period MA of %s"),
data/gretl-2020e/gui/filters.c:223:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(s, _("Exponential moving average of %s (current weight %g)"),
data/gretl-2020e/gui/filters.c:226:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(s, _("Residual from EMA of %s (current weight %g)"),
data/gretl-2020e/gui/filters.c:232:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(s, _("Filtered %s: one-sided Hodrick-Prescott trend (lambda = %g)"),
data/gretl-2020e/gui/filters.c:235:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(s, _("Filtered %s: one-sided Hodrick-Prescott cycle (lambda = %g)"),
data/gretl-2020e/gui/filters.c:240:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(s, _("Filtered %s: Hodrick-Prescott trend (lambda = %g)"),
data/gretl-2020e/gui/filters.c:243:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(s, _("Filtered %s: Hodrick-Prescott cycle (lambda = %g)"),
data/gretl-2020e/gui/filters.c:248:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(s, _("Filtered %s: Baxter-King, frequency %d to %d"),
data/gretl-2020e/gui/filters.c:252:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(s, _("Filtered %s: Butterworth low-pass (n=%d, cutoff=%d)"),
data/gretl-2020e/gui/filters.c:255:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(s, _("Filtered %s: Butterworth high-pass (n=%d, cutoff=%d)"),
data/gretl-2020e/gui/filters.c:260:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(s, _("Filtered %s: polynomial of order %d"),
data/gretl-2020e/gui/filters.c:263:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(s, _("Filtered %s: residual from polynomial of order %d"),
data/gretl-2020e/gui/filters.c:267:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(s, "fracdiff(%s, %g)", finfo->vname, finfo->lambda);
data/gretl-2020e/gui/filters.c:568:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(finfo->save_t, gtk_entry_get_text(GTK_ENTRY(finfo->entry1)));
data/gretl-2020e/gui/filters.c:575:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(finfo->save_c, gtk_entry_get_text(GTK_ENTRY(finfo->entry2)));
data/gretl-2020e/gui/filters.c:1167:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(title, "%s (n = %d, %s %.2fπ)", _("Gain for Butterworth filter"),
data/gretl-2020e/gui/filters.c:1221:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(dataset->varname[v], vname);
data/gretl-2020e/gui/filters.c:1236:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(fcmd, "series %s = ", finfo->save_c);
data/gretl-2020e/gui/filters.c:1239:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(fcmd, "series %s = %s - ", finfo->save_t, finfo->vname);
data/gretl-2020e/gui/filters.c:1241:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(fcmd, "series %s = ", finfo->save_c);
data/gretl-2020e/gui/filters.c:1244:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(fcmd, "series %s = ", finfo->save_t);
data/gretl-2020e/gui/filters.c:1246:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(fcmd, "series %s = %s - ", finfo->save_c, finfo->vname);
data/gretl-2020e/gui/filters.c:1254:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(s, "movavg(%s, %d, %d)\n", finfo->vname,
data/gretl-2020e/gui/filters.c:1257:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(s, "movavg(%s, %g, %d)\n", finfo->vname,
data/gretl-2020e/gui/filters.c:1260:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(s, "hpfilt(%s, %g, %d)\n", finfo->vname,
data/gretl-2020e/gui/filters.c:1263:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(s, "bkfilt(%s, %d, %d, %d)\n", finfo->vname,
data/gretl-2020e/gui/filters.c:1266:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(s, "bwfilt(%s, %d, %d)\n", finfo->vname,
data/gretl-2020e/gui/filters.c:1269:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(s, "polyfit(%s, %d)\n", finfo->vname, finfo->order);
data/gretl-2020e/gui/filters.c:1271:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(s, "fracdiff(%s, %g)\n", finfo->vname, finfo->lambda);
data/gretl-2020e/gui/filters.c:1278:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(s, "setinfo %s --description=\"%s\"\n", finfo->save_t, finfo->label_t);
data/gretl-2020e/gui/filters.c:1281:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(s, "setinfo %s --description=\"%s\"\n", finfo->save_c, finfo->label_c);
data/gretl-2020e/gui/filters.c:1286:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(s, "series %s = %s - %s\n", finfo->save_c, finfo->vname,
data/gretl-2020e/gui/filters.c:1289:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(s, "setinfo %s --description=\"%s\"\n", finfo->save_c, finfo->label_c);
data/gretl-2020e/gui/fncall.c:1870:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(auxline, "%s=%s", auxname, cinfo->args[i]);
data/gretl-2020e/gui/fncall.c:1888:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(auxname, "\"%s\"", cinfo->args[i]);
data/gretl-2020e/gui/fncall.c:1950:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(line, cinfo->ret);
data/gretl-2020e/gui/fncall.c:1958:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(line, *tmpname);
data/gretl-2020e/gui/fncall.c:1963:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(line, funname);
data/gretl-2020e/gui/fncall.c:1970:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	    strcat(line, cinfo->args[i]);
data/gretl-2020e/gui/fncall.c:2598:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(funname, aname);
data/gretl-2020e/gui/fncall.c:2606:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(funname, pf);
data/gretl-2020e/gui/fncall.c:2798:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(*local_path, "%s.gfn", tmp);
data/gretl-2020e/gui/fncall.c:3406:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(gpi->menupath, "/menubar%s", relpath);
data/gretl-2020e/gui/fnsave.c:261:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(fname, funname);
data/gretl-2020e/gui/fnsave.c:524:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(fname, finfo->pdfname);
data/gretl-2020e/gui/fnsave.c:535:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(fname, pkgname);
data/gretl-2020e/gui/fnsave.c:729:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(savepath, finfo_pkgname(finfo));
data/gretl-2020e/gui/fnsave.c:741:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(savepath, finfo_pkgname(finfo));
data/gretl-2020e/gui/fnsave.c:1142:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(vwin->fname, fname);
data/gretl-2020e/gui/fnsave.c:1566:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(dirname, finfo->fname);
data/gretl-2020e/gui/fnsave.c:1832:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(p, SLASHSTR);
data/gretl-2020e/gui/fnsave.c:1833:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(p, tmp);
data/gretl-2020e/gui/fnsave.c:1839:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(targ, "doc%c%s", SLASH, finfo->fname);
data/gretl-2020e/gui/fnsave.c:1909:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(dirname, finfo->pdfname);
data/gretl-2020e/gui/fnsave.c:1917:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(dirname, finfo->fname);
data/gretl-2020e/gui/fnsave.c:2250:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	    strcat(s, s0);
data/gretl-2020e/gui/fnsave.c:2251:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	    strcat(s, tag_lookups[i].label);
data/gretl-2020e/gui/fnsave.c:2287:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(newtags, code);
data/gretl-2020e/gui/fnsave.c:2296:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(newtags, code);
data/gretl-2020e/gui/fnsave.c:2514:2:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
	sscanf(s, "%s", word);
data/gretl-2020e/gui/fnsave.c:3194:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(test, finfo->fname);
data/gretl-2020e/gui/fnsave.c:3198:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(p, fname);
data/gretl-2020e/gui/fnsave.c:3200:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(test, fname);
data/gretl-2020e/gui/fnsave.c:4078:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(dtdname, "%sfunctions%cgretlfunc.dtd", gretldir, SLASH);
data/gretl-2020e/gui/fnsave.c:4476:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(newpath, finfo->fname);
data/gretl-2020e/gui/fnsave.c:4481:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(newpath, pkgname);
data/gretl-2020e/gui/fnsave.c:4486:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	    strcat(newpath, SLASHSTR);
data/gretl-2020e/gui/fnsave.c:4487:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	    strcat(newpath, pkgname);
data/gretl-2020e/gui/fnsave.c:4754:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(tmp, fname);
data/gretl-2020e/gui/fnsave.c:4757:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat(tmp, auxname);
data/gretl-2020e/gui/gpt_control.c:447:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(temp, "%sgpttmp", gretl_dotdir());
data/gretl-2020e/gui/gpt_control.c:469:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat(restore_line, fline);
data/gretl-2020e/gui/gpt_control.c:471:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat(restore_line, fline + 2);
data/gretl-2020e/gui/gpt_control.c:628:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(fname, spec->fname);
data/gretl-2020e/gui/gpt_control.c:774:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(pltname, "%sgptout.tmp", gretl_dotdir());
data/gretl-2020e/gui/gpt_control.c:1335:2:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
	sscanf(p + 2, format, label);
data/gretl-2020e/gui/gpt_control.c:1719:9:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
    n = sscanf(line, "set arrow from %lf,%lf to %lf,%lf %s",
data/gretl-2020e/gui/gpt_control.c:2024:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(styles[i].lc, lc);
data/gretl-2020e/gui/gpt_control.c:2201:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(spec->titles[0], val);
data/gretl-2020e/gui/gpt_control.c:2203:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(spec->titles[1], val);
data/gretl-2020e/gui/gpt_control.c:2207:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(spec->titles[2], val);
data/gretl-2020e/gui/gpt_control.c:2211:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(spec->titles[3], val);
data/gretl-2020e/gui/gpt_control.c:2213:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(spec->titles[4], val);
data/gretl-2020e/gui/gpt_control.c:2503:5:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
    sscanf(src + 1, fmt, targ);
data/gretl-2020e/gui/gpt_control.c:2693:6:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
	    sscanf(s, fmt, line->formula);
data/gretl-2020e/gui/gpt_control.c:2695:6:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
	    sscanf(s, fmt, line->title);
data/gretl-2020e/gui/gpt_control.c:3077:9:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
    if (sscanf(line + 6, fmt, vname, &v) == 2) {
data/gretl-2020e/gui/gpt_control.c:3374:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(line->rgb, styles[j].lc);
data/gretl-2020e/gui/gpt_control.c:3959:3:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
		sprintf(label, xfmt, data_x);
data/gretl-2020e/gui/gpt_control.c:3970:7:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
		    sprintf(label_y, yfmt, data_y);
data/gretl-2020e/gui/gpt_control.c:3982:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat(label, label_y);
data/gretl-2020e/gui/gpt_control.c:3985:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(label, label_y);
data/gretl-2020e/gui/gpt_control.c:4066:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(tmp, fstr);      /* replacement font string */
data/gretl-2020e/gui/gpt_control.c:4069:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	    strcat(tmp, p);
data/gretl-2020e/gui/gpt_control.c:4070:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(line, tmp);
data/gretl-2020e/gui/gpt_control.c:4105:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(tmpname, "%sgpttmp", gretl_dotdir());
data/gretl-2020e/gui/gpt_control.c:4832:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(temp, "%szoomtmp", gretl_dotdir());
data/gretl-2020e/gui/gpt_control.c:5545:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(plot->spec->fname, fname);
data/gretl-2020e/gui/gpt_control.c:5646:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(plot->spec->fname, fname);
data/gretl-2020e/gui/gpt_control.c:5724:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(fullname, fname);
data/gretl-2020e/gui/gpt_control.c:5726:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(fullname, "%s%s", gretl_dotdir(), fname);
data/gretl-2020e/gui/gpt_control.c:5920:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(s, terms[i]);
data/gretl-2020e/gui/gpt_control.c:5985:5:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    system(gpline);
data/gretl-2020e/gui/gpt_dialog.c:290:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(colstr, spec->lines[i].rgb);
data/gretl-2020e/gui/gpt_dialog.c:449:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(xpm[8], dstrs[dt]);
data/gretl-2020e/gui/gpt_dialog.c:840:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(barsname, "%sdata%cplotbars%cnber.txt",
data/gretl-2020e/gui/gpt_dialog.c:1382:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(test, "(%s)", _("left"));
data/gretl-2020e/gui/gpt_dialog.c:1387:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(test, "(%s)", _("right"));
data/gretl-2020e/gui/gpt_dialog.c:1763:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    strcpy(tmp, _(fittype_strings[i]));
data/gretl-2020e/gui/gpt_dialog.c:2333:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(label_text, "%s: ", _("box"));
data/gretl-2020e/gui/gpt_dialog.c:2335:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(label_text, "%s: ", _("median"));
data/gretl-2020e/gui/gpt_dialog.c:2338:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(label_text, "%s: ", _("c.i. bound"));
data/gretl-2020e/gui/gpt_dialog.c:2340:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(label_text, "%s: ", _("outliers"));
data/gretl-2020e/gui/gpt_dialog.c:2344:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(label_text, "%s: ", _("mean"));
data/gretl-2020e/gui/gpt_dialog.c:2346:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(label_text, "%s: ", _("outliers"));
data/gretl-2020e/gui/graph_page.c:53:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(gpage_base, gretl_dotdir());
data/gretl-2020e/gui/graph_page.c:59:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(gpage_base, base);
data/gretl-2020e/gui/graph_page.c:69:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(gpage_tex_base, p + 1);
data/gretl-2020e/gui/graph_page.c:71:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(gpage_tex_base, gpage_base);
data/gretl-2020e/gui/graph_page.c:94:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(fname, gpage_base);
data/gretl-2020e/gui/graph_page.c:96:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	    strcat(fname, num);
data/gretl-2020e/gui/graph_page.c:99:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	    strcat(fname, ext);
data/gretl-2020e/gui/graph_page.c:476:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(outfile, "%s.ps", texsrc);
data/gretl-2020e/gui/graph_page.c:532:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(tmp, "\"%s\" -o %s.ps %s", dvips_path, texshort, texshort);
data/gretl-2020e/gui/graph_page.c:654:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(tmp, latex);
data/gretl-2020e/gui/graph_page.c:675:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(latex, p);
data/gretl-2020e/gui/graph_page.c:680:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(latex, p + 3);
data/gretl-2020e/gui/graph_page.c:689:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(latex, orig);
data/gretl-2020e/gui/graphics.c:110:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(s->font, font);
data/gretl-2020e/gui/graphics.c:129:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(font, s->font);
data/gretl-2020e/gui/graphics.c:274:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(fontname, "%s %d", s->font, s->fontsize);
data/gretl-2020e/gui/graphics.c:287:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(s->font, name);
data/gretl-2020e/gui/graphics.c:309:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(fontstr, "font \"%s,%d\"", s->font, s->fontsize);
data/gretl-2020e/gui/graphics.c:312:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(fontstr, "font \"%s,%d\"", s->font, s->fontsize);
data/gretl-2020e/gui/graphics.c:321:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(termstr, "set term %s %s%s size %gin,%gin", ttype, fontstr, 
data/gretl-2020e/gui/gretl.c:294:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(gdttmp, "%suntitled.gdt", gretl_dotdir());
data/gretl-2020e/gui/gretl.c:296:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(gdttmp, "%s%s.gdt", gretl_dotdir(), title);
data/gretl-2020e/gui/gretl.c:358:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(dbname, tmp);
data/gretl-2020e/gui/gretl.c:419:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(localedir, gretlhome);
data/gretl-2020e/gui/gretl.c:470:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(targ, tmp);
data/gretl-2020e/gui/gretl.c:474:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(targ, src);
data/gretl-2020e/gui/gretl.c:2112:2:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
	system(cmd);
data/gretl-2020e/gui/gretl.c:2503:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(tmp, dfname + skip);
data/gretl-2020e/gui/gretl_ipc.c:246:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(newfile, "%sgretlpid.tmp", gretl_dotdir());
data/gretl-2020e/gui/gretl_ipc.c:296:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(pidfile, "%sgretl.pid", dotdir);
data/gretl-2020e/gui/gretl_ipc.c:316:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(newfile, "%sgretlpid.tmp", dotdir);
data/gretl-2020e/gui/gretl_ipc.c:368:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(pidfile, "%sgretl.pid", dotdir);
data/gretl-2020e/gui/gretl_ipc.c:380:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(newfile, "%sgretlpid.tmp", dotdir);
data/gretl-2020e/gui/gretl_ipc.c:446:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(pidfile, "%sgretl.pid", gretl_dotdir());
data/gretl-2020e/gui/gretl_ipc.c:516:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(fname, "%sopen-%ld", gretl_dotdir(), mypid);
data/gretl-2020e/gui/gretl_ipc.c:552:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(tmpname, "%sopen-%ld", gretl_dotdir(), gpid);
data/gretl-2020e/gui/gretlwin32.c:249:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(target, "%s %d", ncm.lfMenuFont.lfFaceName, point_size);
data/gretl-2020e/gui/gretlwin32.c:479:2:  [4] (buffer) lstrcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using a function version that stops copying at the end
  of the buffer.
	lstrcpy(retdata, data);
data/gretl-2020e/gui/gretlwin32.c:612:15:  [4] (shell) ShellExecute:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    if ((int) ShellExecute(NULL, "open", arg, NULL, NULL, SW_SHOW) <= 32) {
data/gretl-2020e/gui/gretlwin32.c:815:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(spec, fstr);
data/gretl-2020e/gui/gretlwin32.c:1048:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(buf, "[DocClose(\"%s\")]", fname);
data/gretl-2020e/gui/gretlwin32.c:1050:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(buf, "[DocOpen(\"%s\")]", fname);
data/gretl-2020e/gui/gretlwin32.c:1054:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(buf, "[DocOpen(\"%s\")]", fname);
data/gretl-2020e/gui/gretlwin32.c:1057:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(buf, "[FileOpen(\"%s\")]", fname);
data/gretl-2020e/gui/gretlwin32.c:1060:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(buf, "[DocGoToNameDest(\"%s\", %s)]", fname, dest);
data/gretl-2020e/gui/gui_recode.c:152:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		    strcat(tmp, fname);
data/gretl-2020e/gui/gui_recode.c:154:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		    strcat(tmp, fsize);
data/gretl-2020e/gui/gui_recode.c:160:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat(tmp, p + 1);
data/gretl-2020e/gui/gui_recode.c:166:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	    strcat(tmp, s);
data/gretl-2020e/gui/gui_recode.c:168:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(line, tmp);
data/gretl-2020e/gui/gui_utils.c:877:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(dest, p + 1);
data/gretl-2020e/gui/gui_utils.c:879:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(dest, src);
data/gretl-2020e/gui/gui_utils.c:894:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(dest, mod);
data/gretl-2020e/gui/gui_utils.c:1106:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(datafile, fname);
data/gretl-2020e/gui/gui_utils.c:1372:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(tmp, fname);
data/gretl-2020e/gui/gui_utils.c:1375:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(tmp, fname);
data/gretl-2020e/gui/gui_utils.c:1828:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(vwin->fname, fname);
data/gretl-2020e/gui/gui_utils.c:2236:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(vwin->fname, filename);
data/gretl-2020e/gui/gui_utils.c:2389:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(vwin->fname, filename);
data/gretl-2020e/gui/gui_utils.c:2801:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(path, "/menubar/Tests/%s", s);
data/gretl-2020e/gui/gui_utils.c:2815:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(path, "/menubar/Tests/%s", s);
data/gretl-2020e/gui/gui_utils.c:4620:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(vname, "j%s_%d", mname, vecid);
data/gretl-2020e/gui/gui_utils.c:4725:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(maj, "%s %d", _("Residuals from equation"), i + 1);
data/gretl-2020e/gui/gui_utils.c:4774:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(min, "comboresid %s", cmdword);
data/gretl-2020e/gui/gui_utils.c:4783:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(min, "multiresid %s", cmdword);
data/gretl-2020e/gui/gui_utils.c:4793:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(min, "residplot_%d %s", i+1, cmdword);
data/gretl-2020e/gui/gui_utils.c:4794:2:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	sprintf(maj, N_("Equation %d"), i+1);
data/gretl-2020e/gui/gui_utils.c:4859:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(maj, _("Response of %s"), tmp);
data/gretl-2020e/gui/gui_utils.c:4873:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(min, _("to %s"), tmp);
data/gretl-2020e/gui/gui_utils.c:4905:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(maj, "%s %d", _("EC term"), i+1);
data/gretl-2020e/gui/gui_utils.c:5733:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(targ, src);
data/gretl-2020e/gui/guiprint.c:180:5:  [4] (buffer) lstrcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using a function version that stops copying at the end
  of the buffer.
    lstrcpy(lfont.lfFaceName, winfont);
data/gretl-2020e/gui/guiprint.c:224:6:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	    sprintf(hdr, I_("%s, page %d"), hdrstart, page++);
data/gretl-2020e/gui/guiprint.c:602:5:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
    sprintf(tmp, A_("Summary Statistics, using the observations %s - %s"),
data/gretl-2020e/gui/guiprint.c:608:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(tmp, A_("(missing values were skipped)"));
data/gretl-2020e/gui/guiprint.c:650:5:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
    sprintf(tmp, A_("Summary Statistics, using the observations %s - %s"),
data/gretl-2020e/gui/guiprint.c:656:2:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	sprintf(tmp, A_("for the variable %s (%d valid observations)"),
data/gretl-2020e/gui/guiprint.c:662:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(tmp, A_("(missing values were skipped)"));
data/gretl-2020e/gui/guiprint.c:922:14:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	if (t == 0) strcpy(label, dset->varname[vx]);
data/gretl-2020e/gui/guiprint.c:923:14:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	if (t == 1) strcpy(label, dset->varname[vy]);
data/gretl-2020e/gui/guiprint.c:1011:5:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
    sprintf(tmp, A_("Summary Statistics, using the observations %s--%s"),
data/gretl-2020e/gui/guiprint.c:1062:5:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
    sprintf(tmp, A_("Summary Statistics, using the observations %s--%s"),
data/gretl-2020e/gui/guiprint.c:1069:2:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	sprintf(tmp, A_("for the variable %s (%d valid observations)"),
data/gretl-2020e/gui/guiprint.c:1253:2:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	sprintf(tmp, A_("Correlation coefficients, using the observations "
data/gretl-2020e/gui/guiprint.c:1259:2:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	sprintf(tmp, A_("5%% critical value (two-tailed) = %.4f for n = %d"),
data/gretl-2020e/gui/guiprint.c:1530:5:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
    sprintf(tmp, A_("Standard error of residuals = %g"),
data/gretl-2020e/gui/guiprint.c:1764:5:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
    sprintf(hi, A_("%g\\%% interval"), conf);
data/gretl-2020e/gui/guiprint.c:1848:2:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	sprintf(tmp, A_("For %g%% confidence intervals, z(%g) = %.2f"),
data/gretl-2020e/gui/guiprint.c:1852:2:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	sprintf(tmp, A_("For %g%% confidence intervals, t(%d, %g) = %.3f"),
data/gretl-2020e/gui/guiprint.c:1857:5:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
    sprintf(tmp, A_("%g%% interval"), conf);
data/gretl-2020e/gui/guiprint.c:2451:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(tmp, "\"%s\" \\batchmode \\input %s", latex_path, texshort);
data/gretl-2020e/gui/guiprint.c:2496:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(texfile, fname);
data/gretl-2020e/gui/guiprint.c:2498:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(texfile, "%swindow.tex", gretl_dotdir());
data/gretl-2020e/gui/guiprint.c:2543:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(tmp, "%s.pdf", texbase);
data/gretl-2020e/gui/guiprint.c:2546:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(tmp, "%s.pdf", texbase);
data/gretl-2020e/gui/helpfiles.c:1707:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(haystack, tmp);
data/gretl-2020e/gui/helpfiles.c:2042:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(path, "%sdoc%c%s", gretldir, SLASH, fname);
data/gretl-2020e/gui/helpfiles.c:2045:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(path, "%sdoc%c%s", dotdir, SLASH, fname);
data/gretl-2020e/gui/helpfiles.c:2051:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(path, "%sdoc", gretldir);
data/gretl-2020e/gui/helpfiles.c:2053:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	    strcat(path, SLASHSTR);
data/gretl-2020e/gui/helpfiles.c:2054:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	    strcat(path, fname);
data/gretl-2020e/gui/helpfiles.c:2067:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(path, "%sdoc", dotdir);
data/gretl-2020e/gui/helpfiles.c:2069:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(path, "%sdoc%c%s", dotdir, SLASH, fname);
data/gretl-2020e/gui/helpfiles.c:2096:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(path, x12a);
data/gretl-2020e/gui/helpfiles.c:2099:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(p + 1, "docs%c%s", SLASH, fname);
data/gretl-2020e/gui/helpfiles.c:2109:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(path, "/opt/x13as/docs/%s", fname);
data/gretl-2020e/gui/helpfiles.c:2111:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(path, "/opt/x12arima/docs/%s", fname);
data/gretl-2020e/gui/helpfiles.c:2192:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(fullpath, "%sfunctions%cdbnomics%c%s",
data/gretl-2020e/gui/helpfiles.c:2202:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(fullpath, "%sdoc%c%s", gretl_home(), SLASH, fname);
data/gretl-2020e/gui/helpfiles.c:2223:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(fullpath, "%sfunctions%cdbnomics%cdbnomics.pdf",
data/gretl-2020e/gui/helpfiles.c:2226:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(fullpath, "%sdoc%c%s", gretl_dotdir(), SLASH, fname);
data/gretl-2020e/gui/join-gui.c:871:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(optstr, ikey1);
data/gretl-2020e/gui/join-gui.c:874:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	    strcat(optstr, ikey2);
data/gretl-2020e/gui/join-gui.c:884:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(optstr, okey1);
data/gretl-2020e/gui/join-gui.c:888:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	    strcat(optstr, okey2);
data/gretl-2020e/gui/join-gui.c:900:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(optstr, "\"%s\"", filter);
data/gretl-2020e/gui/library.c:192:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(fullname, gretl_dotdir());
data/gretl-2020e/gui/library.c:193:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(fullname, fname);
data/gretl-2020e/gui/library.c:435:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(dataset->varname[v], vname);
data/gretl-2020e/gui/library.c:472:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(dataset->varname[v], vname);
data/gretl-2020e/gui/library.c:611:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(vname, fr->depvar);
data/gretl-2020e/gui/library.c:616:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(descrip, _("forecast std errors of %s"), fr->depvar);
data/gretl-2020e/gui/library.c:619:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(descrip, _("forecast of %s"), fr->depvar);
data/gretl-2020e/gui/library.c:718:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(title, selected_varname());
data/gretl-2020e/gui/library.c:3935:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(s, tmp);
data/gretl-2020e/gui/library.c:3963:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(endstr, "end %s", cstr);
data/gretl-2020e/gui/library.c:3990:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(realline, bufline);
data/gretl-2020e/gui/library.c:4270:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(tmp, vname);
data/gretl-2020e/gui/library.c:4276:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(si->listname, tmp);
data/gretl-2020e/gui/library.c:4447:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(estimator, gretl_command_word(ci));
data/gretl-2020e/gui/library.c:4637:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(descrip, "loess(%s, %s, %d, %g, %d)",
data/gretl-2020e/gui/library.c:4644:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(descrip, "nadarwat(%s, %s, %g, %d, %g)",
data/gretl-2020e/gui/library.c:4723:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(S[0], yname);
data/gretl-2020e/gui/library.c:4725:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(S[2], xname);
data/gretl-2020e/gui/library.c:4781:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(estimator, gretl_command_word(action));
data/gretl-2020e/gui/library.c:5303:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(dataset->varname[v], newname);
data/gretl-2020e/gui/library.c:6688:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(vname, key);
data/gretl-2020e/gui/library.c:6784:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(vname, s);
data/gretl-2020e/gui/library.c:6800:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(vname, s);
data/gretl-2020e/gui/library.c:6868:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(vname, "%s_%d", statname + 1, pmod->ID);
data/gretl-2020e/gui/library.c:7040:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(dname, _("predicted %s"), dset->varname[dv]);
data/gretl-2020e/gui/library.c:7887:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat(liststr, dataset->varname[list[i]]);
data/gretl-2020e/gui/library.c:8084:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(title, listname);
data/gretl-2020e/gui/library.c:8086:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(title, dataset->varname[list[1]]);
data/gretl-2020e/gui/library.c:8662:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(scriptfile, fname);
data/gretl-2020e/gui/library.c:8684:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(temp, "%sscript_tmp", gretl_dotdir());
data/gretl-2020e/gui/library.c:8702:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(scriptfile, temp);
data/gretl-2020e/gui/library.c:8945:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(datafile, newname);
data/gretl-2020e/gui/library.c:9174:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(datafile, filename);
data/gretl-2020e/gui/library.c:9291:14:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
		FILE *fp = popen("/usr/bin/osascript", "w");
data/gretl-2020e/gui/library.c:9601:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
				strcat(line, tmp);
data/gretl-2020e/gui/library.c:9620:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(tmp, line);
data/gretl-2020e/gui/library.c:9622:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    strcpy(state.runfile, runfile);
data/gretl-2020e/gui/menustate.c:52:13:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
            fprintf(stderr, I_("Failed to flip state of \"%s\"\n"), path);
data/gretl-2020e/gui/menustate.c:124:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(fullpath, "/menubar/View/%s", viewpaths[i]);
data/gretl-2020e/gui/model_table.c:664:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		    sprintf(tmp, "(%s)", numstr);
data/gretl-2020e/gui/model_table.c:704:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
			sprintf(tmp, "[%s]", numstr);
data/gretl-2020e/gui/model_table.c:1004:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(est, A_(s));
data/gretl-2020e/gui/model_table.c:1007:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(est, A_(s));
data/gretl-2020e/gui/model_table.c:1010:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(est, _(s));
data/gretl-2020e/gui/model_table.c:1030:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(targ, "%s", R[j]);
data/gretl-2020e/gui/model_table.c:1040:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(targ, tmp);
data/gretl-2020e/gui/model_table.c:1042:6:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	    sprintf(targ, A_("Model %d"), pmod->ID);
data/gretl-2020e/gui/model_table.c:1049:6:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	    sprintf(targ, A_("Model %d"), pmod->ID);
data/gretl-2020e/gui/model_table.c:1430:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(outfile, fname);
data/gretl-2020e/gui/objectsave.c:66:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(objname, word);
data/gretl-2020e/gui/selector.c:743:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(mds_listname, gretl_bundle_get_string(b, "lname", &err));
data/gretl-2020e/gui/selector.c:907:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(cluster_var, dataset->varname[cv]);
data/gretl-2020e/gui/selector.c:1051:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(vstr, "%s(-%d)", dataset->varname[v], lag);
data/gretl-2020e/gui/selector.c:1249:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(mname, vname);
data/gretl-2020e/gui/selector.c:1256:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(mname, vname);
data/gretl-2020e/gui/selector.c:2798:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(tmp, p + 2);
data/gretl-2020e/gui/selector.c:2800:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(tmp, istr);
data/gretl-2020e/gui/selector.c:2802:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(list, tmp);
data/gretl-2020e/gui/selector.c:2836:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(sr->cmdlist, add);
data/gretl-2020e/gui/selector.c:2873:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(targ, "%s%d", s0, id);
data/gretl-2020e/gui/selector.c:2875:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(targ, "%s%s", s0, dataset->varname[id]);
data/gretl-2020e/gui/selector.c:2877:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(targ, "%s%d", s0, id);
data/gretl-2020e/gui/selector.c:2888:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(targ, "%s ", s);
data/gretl-2020e/gui/selector.c:2890:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(targ, "{%s} ", s);
data/gretl-2020e/gui/selector.c:3025:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(tmp, " %s(%s%d)", vname, (li > 0)? "-" : "", li);
data/gretl-2020e/gui/selector.c:3026:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	    strcat(ret, tmp);
data/gretl-2020e/gui/selector.c:3410:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(specs[i].listname, vname);
data/gretl-2020e/gui/session.c:364:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(mod->name, gretl_object_get_name(ptr, type));
data/gretl-2020e/gui/session.c:496:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(path, fname);
data/gretl-2020e/gui/session.c:501:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(path, "%s%s", session.dirname, p);
data/gretl-2020e/gui/session.c:503:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(path, "%s%c%s", session.dirname, SLASH, fname);
data/gretl-2020e/gui/session.c:519:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(path, fname);
data/gretl-2020e/gui/session.c:525:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(path, "%s%c%s", session.dirname, SLASH, fname);
data/gretl-2020e/gui/session.c:694:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(tmp, num);
data/gretl-2020e/gui/session.c:695:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(tname, tmp);
data/gretl-2020e/gui/session.c:772:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(graph->fname, fname);
data/gretl-2020e/gui/session.c:847:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(graphname, "%s %d", _("Graph"), n);
data/gretl-2020e/gui/session.c:929:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(fname, fullname); /* was @shortname */
data/gretl-2020e/gui/session.c:1289:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(sname, p + 1);
data/gretl-2020e/gui/session.c:1291:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(sname, fname);
data/gretl-2020e/gui/session.c:1371:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(session.dirname, zdirname);
data/gretl-2020e/gui/session.c:1372:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(test, "%s%csession.xml", session.dirname, SLASH);
data/gretl-2020e/gui/session.c:1432:5:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    fprintf(stderr, I_("\nReading session file %s\n"), tryname);
data/gretl-2020e/gui/session.c:1479:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(gdtname, datafile);
data/gretl-2020e/gui/session.c:1554:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(sessionfile, tryname);
data/gretl-2020e/gui/session.c:1834:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(path, p + 1);
data/gretl-2020e/gui/session.c:1836:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(path, fname);
data/gretl-2020e/gui/session.c:1940:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(datname, unpath(datafile));
data/gretl-2020e/gui/session.c:2038:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(session.dirname, dirname);
data/gretl-2020e/gui/session.c:2081:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(sessionfile, fname);
data/gretl-2020e/gui/session.c:2092:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(session.dirname, dirbak);
data/gretl-2020e/gui/session.c:2179:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(str, "%s ", gretl_command_word(pmod->ci));
data/gretl-2020e/gui/session.c:4075:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(targ, src);
data/gretl-2020e/gui/session_xml.c:73:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(fname, tmp);
data/gretl-2020e/gui/session_xml.c:375:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(sinfo->datafile, (char *) tmp);
data/gretl-2020e/gui/session_xml.c:625:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		    sprintf(tmp, "%s%cmodel.%d", path, SLASH, fnum);
data/gretl-2020e/gui/session_xml.c:633:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		    sprintf(tmp, "%s%cgraph.%d", path, SLASH, fnum);
data/gretl-2020e/gui/session_xml.c:656:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(fname, "%s%csession.xml", session.dirname, SLASH);
data/gretl-2020e/gui/session_xml.c:702:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(tmpname, "%s%cmodel.%d", session.dirname, SLASH, modnum);
data/gretl-2020e/gui/session_xml.c:745:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(tmpname, "%s%cmodel.%d", session.dirname, SLASH, modnum);
data/gretl-2020e/gui/settings.c:383:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(datapage, str);
data/gretl-2020e/gui/settings.c:388:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(scriptpage, str);
data/gretl-2020e/gui/settings.c:404:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(author_mail, s);
data/gretl-2020e/gui/settings.c:565:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(fixedfontname, fontname);
data/gretl-2020e/gui/settings.c:573:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(paths.pngfont, gretl_png_font());
data/gretl-2020e/gui/settings.c:594:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(system_appfont, *pfont);
data/gretl-2020e/gui/settings.c:656:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(appfontname, system_appfont);
data/gretl-2020e/gui/settings.c:696:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(appfontname, fontname);
data/gretl-2020e/gui/settings.c:778:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(dirname, "%s%s", gretl_home(), subdir);
data/gretl-2020e/gui/settings.c:784:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(dirname, "%s%s", gretl_dotdir(), subdir);
data/gretl-2020e/gui/settings.c:802:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(s, gretl_workdir());
data/gretl-2020e/gui/settings.c:829:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(test, gretl_home());
data/gretl-2020e/gui/settings.c:845:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(paths.tramo, test);
data/gretl-2020e/gui/settings.c:847:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(paths.x12a, test);
data/gretl-2020e/gui/settings.c:2067:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(paths.tramo, gretl_tramo());
data/gretl-2020e/gui/settings.c:2071:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(paths.x12a, gretl_x12_arima());
data/gretl-2020e/gui/settings.c:2136:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    strcpy(viewpdf, viewers[i]);
data/gretl-2020e/gui/settings.c:2267:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(linevar, p + strlen(key) + 3);
data/gretl-2020e/gui/settings.c:2338:6:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
	if (sscanf(line, "%s", key) == 1) {
data/gretl-2020e/gui/settings.c:2341:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(linevar, line + strlen(key) + 3);
data/gretl-2020e/gui/settings.c:2393:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(rcfile, home);
data/gretl-2020e/gui/settings.c:2403:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(rcfile, "%s\\gretl\\.gretl2rc", appdata);
data/gretl-2020e/gui/settings.c:2558:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(fontname, fixedfontname);
data/gretl-2020e/gui/settings.c:2560:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(fontname, appfontname);
data/gretl-2020e/gui/settings.c:2565:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(fontname, default_fixedfont);
data/gretl-2020e/gui/settings.c:2567:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(fontname, system_appfont);
data/gretl-2020e/gui/settings.c:2842:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(fontname, fixedfontname);
data/gretl-2020e/gui/settings.c:2852:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(fontname, appfontname);
data/gretl-2020e/gui/settings.c:2926:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(dumper, "%sconfig-dump.txt", gretl_workdir());
data/gretl-2020e/gui/settings.c:3149:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(paths.workdir, gretl_workdir());
data/gretl-2020e/gui/ssheet.c:339:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(sheet->location, "%s, %s", tmp, rstr);
data/gretl-2020e/gui/ssheet.c:1409:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(vname, user_var_get_name(u)); /* underscores? */
data/gretl-2020e/gui/ssheet.c:1414:3:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
		sprintf(val, sheet->numfmt, sheet->digits, x);
data/gretl-2020e/gui/ssheet.c:1578:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(dataset->varname[vj], newname);
data/gretl-2020e/gui/ssheet.c:1637:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(dataset->S[t++], marker);
data/gretl-2020e/gui/ssheet.c:1691:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(sheet->mname, newname);
data/gretl-2020e/gui/ssheet.c:1869:6:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	    sprintf(tmpstr, sheet->numfmt, sheet->digits, x);
data/gretl-2020e/gui/ssheet.c:1946:3:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
		sprintf(tmpstr, sheet->numfmt, sheet->digits, x);
data/gretl-2020e/gui/ssheet.c:1976:3:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
		sprintf(tmpstr, sheet->numfmt, sheet->digits, x);
data/gretl-2020e/gui/ssheet.c:2011:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(vname, user_var_get_name(u)); /* underscores? */
data/gretl-2020e/gui/ssheet.c:2022:6:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	    sprintf(val, sheet->numfmt, sheet->digits, x);
data/gretl-2020e/gui/ssheet.c:2134:7:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
		    sprintf(numstr, sheet->numfmt, sheet->digits,
data/gretl-2020e/gui/ssheet.c:3537:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(mdlg->spec->name, etxt);
data/gretl-2020e/gui/ssheet.c:3918:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(sheet->mname, name);
data/gretl-2020e/gui/ssheet.c:3960:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(sheet->mname, name);
data/gretl-2020e/gui/ssheet.c:4161:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(sheet->numfmt, fa->fmtchar == 'g' ? "%.*g" : "%.*f");
data/gretl-2020e/gui/tabwin.c:538:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(tmp, dfname + skip);
data/gretl-2020e/gui/textbuf.c:1633:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(tagname, p + 1);
data/gretl-2020e/gui/textbuf.c:1639:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(tagname, text);
data/gretl-2020e/gui/textbuf.c:1657:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(tagname, p + 1);
data/gretl-2020e/gui/textbuf.c:1660:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(tagname, text);
data/gretl-2020e/gui/textbuf.c:1781:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(fullname, "%sgretlhelp.refs", gretldir);
data/gretl-2020e/gui/textbuf.c:3007:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(lastline, line);
data/gretl-2020e/gui/textbuf.c:3948:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(figfile, "%shelpfigs%c%s.png", gretl_home(),
data/gretl-2020e/gui/textbuf.c:4054:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(tmp, s);
data/gretl-2020e/gui/textutil.c:745:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(s, tmp);
data/gretl-2020e/gui/textutil.c:840:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(targ, rtf_preamble);
data/gretl-2020e/gui/textutil.c:909:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(buf, orig);
data/gretl-2020e/gui/toolbar.c:424:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(vname, s);
data/gretl-2020e/gui/varinfo.c:230:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(line, "%s=%s", dataset->varname[v], s);
data/gretl-2020e/gui/varinfo.c:399:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(nset->vname, s);
data/gretl-2020e/lib/src/addons_utils.c:185:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(gfnname, "%s.gfn", addon_names[i]);
data/gretl-2020e/lib/src/adf_kpss.c:641:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(pvstr, "%s %s", _("p-value"), _("unknown"));
data/gretl-2020e/lib/src/adf_kpss.c:645:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(pvstr, "%s %.4g",
data/gretl-2020e/lib/src/adf_kpss.c:704:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(taustr, "tau_%s(%d)", urcstrs[i], ainfo->niv);
data/gretl-2020e/lib/src/adf_kpss.c:983:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(datapath, gretl_plugin_path());
data/gretl-2020e/lib/src/bootstrap.c:1456:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(bs->vname, dset->varname[v]);
data/gretl-2020e/lib/src/boxplots.c:508:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(grp->ylabel, dset->varname[list[1]]);
data/gretl-2020e/lib/src/boxplots.c:509:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(grp->xlabel, dset->varname[list[2]]);
data/gretl-2020e/lib/src/boxplots.c:518:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(grp->ylabel, vlabel == NULL ? "" : vlabel);
data/gretl-2020e/lib/src/boxplots.c:967:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(plot->varname, vname);
data/gretl-2020e/lib/src/boxplots.c:1247:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(grp->plots[0].varname, title);
data/gretl-2020e/lib/src/boxplots.c:1299:6:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
	    sscanf(line + 12, fmt, yvar);
data/gretl-2020e/lib/src/boxplots.c:1301:6:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
	    sscanf(line + 12, fmt, xvar);
data/gretl-2020e/lib/src/boxplots.c:1303:6:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
	    sscanf(line + 11, tfmt, title);
data/gretl-2020e/lib/src/boxplots.c:1413:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(grp->ylabel, yvar);
data/gretl-2020e/lib/src/boxplots.c:1414:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(grp->xlabel, xvar);
data/gretl-2020e/lib/src/calendar.c:356:7:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
	nf = sscanf(datestr, YMD_READ_FMT, &y, &m, &d);
data/gretl-2020e/lib/src/calendar.c:520:6:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	    sprintf(targ, YMD_WRITE_Y2_FMT, y % 100, m, d);
data/gretl-2020e/lib/src/calendar.c:522:6:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	    sprintf(targ, YMD_WRITE_Y4_FMT, y, m, d);
data/gretl-2020e/lib/src/calendar.c:634:2:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	sprintf(targ, YMD_WRITE_Y4_FMT, y, m, d);
data/gretl-2020e/lib/src/calendar.c:654:10:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
    nf = sscanf(datestr, YMD_READ_FMT, &y, &m, &d);
data/gretl-2020e/lib/src/calendar.c:719:9:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
    if (sscanf(datestr, YMD_READ_FMT, &y, &m, &d) != 3) {
data/gretl-2020e/lib/src/calendar.c:973:9:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
    if (sscanf(datestr, YMD_READ_FMT, &y, &m, &d) != 3) {
data/gretl-2020e/lib/src/calendar.c:1051:2:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	sprintf(targ, YMD_WRITE_FMT, y, m, day);
data/gretl-2020e/lib/src/calendar.c:1328:9:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
    if (sscanf(datestr, YMD_READ_FMT, &y, &m, &d) != 3) {
data/gretl-2020e/lib/src/compare.c:257:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	    strcat(vnames, dset->varname[list[i]]);
data/gretl-2020e/lib/src/compare.c:3058:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    strcpy(chowstr, dset->varname[chowparm]);
data/gretl-2020e/lib/src/compare.c:3603:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(dset->varname[k], dset->varname[parent]);
data/gretl-2020e/lib/src/compare.c:3605:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	    strcat(dset->varname[k], tmp);
data/gretl-2020e/lib/src/compare.c:3607:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(dset->varname[k], dset->varname[src]);
data/gretl-2020e/lib/src/compat.c:260:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(word, "%s", xname);
data/gretl-2020e/lib/src/compat.c:334:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(s1, dset->varname[vy]);
data/gretl-2020e/lib/src/compat.c:396:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(s2, dset->varname[vz]);
data/gretl-2020e/lib/src/csvdata.c:765:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(dset->stobs, (*reversed)? lbl2 : lbl1);
data/gretl-2020e/lib/src/csvdata.c:766:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(dset->endobs, (*reversed)? lbl1 : lbl2);
data/gretl-2020e/lib/src/csvdata.c:791:5:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
    sscanf(src, YMD_READ_FMT, &y, &m, &d);
data/gretl-2020e/lib/src/csvdata.c:839:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(label, dset->S[s]);
data/gretl-2020e/lib/src/csvdata.c:842:9:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
    if (sscanf(label, fmt, &yr, &per) != 2) {
data/gretl-2020e/lib/src/csvdata.c:854:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(label, dset->S[s]);
data/gretl-2020e/lib/src/csvdata.c:857:6:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
	if (sscanf(label, fmt, &yr, &per) != 2) {
data/gretl-2020e/lib/src/csvdata.c:895:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(skipstr, skip);
data/gretl-2020e/lib/src/csvdata.c:983:2:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
	sscanf(dset->S[t], YMD_READ_FMT, &y, &d, &m);
data/gretl-2020e/lib/src/csvdata.c:984:2:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	sprintf(dset->S[t], YMD_WRITE_FMT, d, m, y);
data/gretl-2020e/lib/src/csvdata.c:1004:10:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
	    n = sscanf(label, fmt, &yr, &mon, &day);
data/gretl-2020e/lib/src/csvdata.c:1006:10:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
	    n = sscanf(label, fmt, &day, &mon, &yr);
data/gretl-2020e/lib/src/csvdata.c:1008:10:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
	    n = sscanf(label, fmt, &mon, &day, &yr);
data/gretl-2020e/lib/src/csvdata.c:1011:6:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	    sprintf(label, YMD_WRITE_Y2_FMT, yr, mon, day);
data/gretl-2020e/lib/src/csvdata.c:1037:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(tmp, dset->S[t]);
data/gretl-2020e/lib/src/csvdata.c:1038:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(dset->S[t], dset->S[s]);
data/gretl-2020e/lib/src/csvdata.c:1039:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(dset->S[s], tmp);
data/gretl-2020e/lib/src/csvdata.c:1204:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(subp, s);
data/gretl-2020e/lib/src/csvdata.c:1244:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(dset->stobs, year);
data/gretl-2020e/lib/src/csvdata.c:1246:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(dset->endobs, lbl2);
data/gretl-2020e/lib/src/csvdata.c:1271:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(dset->stobs, "%s:%d", year, s);
data/gretl-2020e/lib/src/csvdata.c:1273:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(dset->stobs, "%s:%s", year, sub);
data/gretl-2020e/lib/src/csvdata.c:1362:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(s, tmp);
data/gretl-2020e/lib/src/csvdata.c:2040:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(import_na, s);
data/gretl-2020e/lib/src/csvdata.c:2398:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(tmp, s);
data/gretl-2020e/lib/src/csvdata.c:2507:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(clean, s);
data/gretl-2020e/lib/src/csvdata.c:2523:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(tmp, s);
data/gretl-2020e/lib/src/csvdata.c:2534:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(tmp, s);
data/gretl-2020e/lib/src/csvdata.c:2636:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(desc, "%s\n", line);
data/gretl-2020e/lib/src/csvdata.c:2647:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	    strcat(desc, line);
data/gretl-2020e/lib/src/csvdata.c:2765:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(s, name);
data/gretl-2020e/lib/src/csvdata.c:2773:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(screen, s);
data/gretl-2020e/lib/src/csvdata.c:2979:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(c->dset->varname[j], okname);
data/gretl-2020e/lib/src/csvdata.c:4904:9:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
    if (sscanf(obs, YMD_READ_FMT, &y, &m, &d) == 3) {
data/gretl-2020e/lib/src/csvdata.c:5337:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(label, "%s in sub-period %d",
data/gretl-2020e/lib/src/csvdata.c:5588:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(dset->varname[v], vnames[i-1]);
data/gretl-2020e/lib/src/csvdata.c:5668:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat(name2, s);
data/gretl-2020e/lib/src/dataio.c:215:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(targ, src + 1);
data/gretl-2020e/lib/src/dataio.c:221:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(targ, src);
data/gretl-2020e/lib/src/dataio.c:303:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(revs1, s1);
data/gretl-2020e/lib/src/dataio.c:309:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(revs2, s2);
data/gretl-2020e/lib/src/dataio.c:524:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(datestr, dset->S[t]);
data/gretl-2020e/lib/src/dataio.c:558:2:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	sprintf(datestr, fmt, x);
data/gretl-2020e/lib/src/dataio.c:573:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(datestr, dset->S[t]);
data/gretl-2020e/lib/src/dataio.c:1144:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(datfile, fname);
data/gretl-2020e/lib/src/dataio.c:1872:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(dset->varname[v], addset->varname[i]);
data/gretl-2020e/lib/src/dataio.c:2005:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(dset->S[t], addset->S[t-offset]);
data/gretl-2020e/lib/src/dataio.c:2261:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(dset->varname[v], addset->varname[i]);
data/gretl-2020e/lib/src/dataio.c:2541:8:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			    strcpy(S[i+t], S[i]);
data/gretl-2020e/lib/src/dataio.c:2942:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(name, s);
data/gretl-2020e/lib/src/dataio.c:2950:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	    strcat(name, nstr);
data/gretl-2020e/lib/src/dataio.c:3133:10:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
	    if (sscanf(line, fmt, name) == 1) {
data/gretl-2020e/lib/src/dataset.c:244:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(targ->stobs, src->stobs);
data/gretl-2020e/lib/src/dataset.c:245:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(targ->endobs, src->endobs);
data/gretl-2020e/lib/src/dataset.c:355:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(targ->display_name, src->display_name);
data/gretl-2020e/lib/src/dataset.c:356:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(targ->parent, src->parent);
data/gretl-2020e/lib/src/dataset.c:1116:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    strcpy(S[k], dset->S[s++]);
data/gretl-2020e/lib/src/dataset.c:1199:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(dset->S[t], dset->S[t-1]);
data/gretl-2020e/lib/src/dataset.c:1576:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(dset->varname[v], name);
data/gretl-2020e/lib/src/dataset.c:1612:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(dset->varname[vnew], name);
data/gretl-2020e/lib/src/dataset.c:1896:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(vname, dset->varname[list[1]]);
data/gretl-2020e/lib/src/dataset.c:2185:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(vname, dset->varname[v_old]);
data/gretl-2020e/lib/src/dataset.c:2191:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(dset->varname[i], dset->varname[i-1]);
data/gretl-2020e/lib/src/dataset.c:2198:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(dset->varname[i], dset->varname[i+1]);
data/gretl-2020e/lib/src/dataset.c:2204:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(dset->varname[v_new], vname);
data/gretl-2020e/lib/src/dataset.c:2274:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(dset->descrip, "matrix:%s", name);
data/gretl-2020e/lib/src/dataset.c:2380:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    strcpy(newset->varname[k], dset->varname[i]);
data/gretl-2020e/lib/src/dataset.c:2641:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(S[t], dset->S[sv[t].obsnum]);
data/gretl-2020e/lib/src/dataset.c:2854:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(dset->S[bigt], dset->S[t]);
data/gretl-2020e/lib/src/dataset.c:2878:2:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
	sscanf(s, fmt, targ);
data/gretl-2020e/lib/src/dataset.c:2909:6:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
	if (sscanf(s, fmt, parent) == 1) {
data/gretl-2020e/lib/src/dataset.c:3247:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(S[t], dset->S[s]);
data/gretl-2020e/lib/src/dataset.c:3326:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(vname, dset->varname[v_old]);
data/gretl-2020e/lib/src/dataset.c:3633:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(dset->stobs, dset->S[0]);
data/gretl-2020e/lib/src/dataset.c:3634:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(dset->endobs, dset->S[new_n-1]);
data/gretl-2020e/lib/src/dataset.c:4053:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(dset->varinfo[i]->parent, parent);
data/gretl-2020e/lib/src/dataset.c:4508:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	    strcat(tmp, bit);
data/gretl-2020e/lib/src/dataset.c:4509:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	    strcat(tmp, S[i]);
data/gretl-2020e/lib/src/dataset.c:5047:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(bigset->stobs, dset->stobs);
data/gretl-2020e/lib/src/dbnread.c:219:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(sinfo->stobs, dbset.stobs);
data/gretl-2020e/lib/src/dbnread.c:220:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(sinfo->endobs, dbset.endobs);
data/gretl-2020e/lib/src/dbread.c:139:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(dbbin, dbbase);
data/gretl-2020e/lib/src/dbread.c:356:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(sinfo->stobs, q);
data/gretl-2020e/lib/src/dbread.c:361:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(sinfo->endobs, q);
data/gretl-2020e/lib/src/dbread.c:383:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(dbbase, dname);
data/gretl-2020e/lib/src/dbread.c:385:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(dbbase, saved_db_name);
data/gretl-2020e/lib/src/dbread.c:393:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(fname, dbbase);
data/gretl-2020e/lib/src/dbread.c:399:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(name1, fname);
data/gretl-2020e/lib/src/dbread.c:413:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(fname, dbbase);
data/gretl-2020e/lib/src/dbread.c:419:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(name2, fname);
data/gretl-2020e/lib/src/dbread.c:555:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(sinfo->varname, sername);
data/gretl-2020e/lib/src/dbread.c:676:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(dbidx, saved_db_name);
data/gretl-2020e/lib/src/dbread.c:699:11:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
	    nf = sscanf(line + 1, fmt, sinfo->varname, &y0, &p0,
data/gretl-2020e/lib/src/dbread.c:833:2:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	fprintf(stderr, I_("frequency (%d) does not make seem to make sense"),
data/gretl-2020e/lib/src/dbread.c:842:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(sinfo->stobs, pdstr);
data/gretl-2020e/lib/src/dbread.c:879:2:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	fprintf(stderr, I_("frequency %d is not supported"), pd);
data/gretl-2020e/lib/src/dbread.c:891:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(sinfo->varname, varname);
data/gretl-2020e/lib/src/dbread.c:1153:11:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
	    nf = sscanf(line + 1, fmt, sname, &y0, &p0, &y1,
data/gretl-2020e/lib/src/dbread.c:1206:11:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
	    nf = sscanf(line + 1, fmt, sname, &y0, &p0, &y1,
data/gretl-2020e/lib/src/dbread.c:1647:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(new_stobs, stobs);
data/gretl-2020e/lib/src/dbread.c:1666:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(stobs, new_stobs);
data/gretl-2020e/lib/src/dbread.c:1734:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(saved_db_name, tmp);
data/gretl-2020e/lib/src/dbread.c:1769:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(needle, "%s=", tag);
data/gretl-2020e/lib/src/dbread.c:1905:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(dset->endobs, stop);
data/gretl-2020e/lib/src/dbread.c:2311:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(dset->varname[v], vnames[i]);
data/gretl-2020e/lib/src/dbread.c:2635:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(sinfo.varname, altname);
data/gretl-2020e/lib/src/dbread.c:2668:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(vname, s);
data/gretl-2020e/lib/src/dbread.c:2857:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(tmp1, gretl_dotdir());
data/gretl-2020e/lib/src/dbread.c:2864:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(tmp2, gretl_dotdir());
data/gretl-2020e/lib/src/dbread.c:2899:3:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
		sscanf(s, "%s", series);
data/gretl-2020e/lib/src/dbread.c:3120:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(dset->stobs, sinfo->stobs);
data/gretl-2020e/lib/src/dbread.c:3121:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(dset->endobs, sinfo->endobs);
data/gretl-2020e/lib/src/dbread.c:3180:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(tmpset->stobs, sinfo->stobs);
data/gretl-2020e/lib/src/dbread.c:3181:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(tmpset->endobs, sinfo->endobs);
data/gretl-2020e/lib/src/dbread.c:3185:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(tmpset->varname[1], sinfo->varname);
data/gretl-2020e/lib/src/dbread.c:3388:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(dset->varname[dbv], sinfo->varname);
data/gretl-2020e/lib/src/dbread.c:3505:9:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
    if (sscanf(obs, YMD_READ_FMT, y, &mon, &day) != 3) {
data/gretl-2020e/lib/src/dbread.c:3719:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(cset->varname[k+j], dset->varname[i]);
data/gretl-2020e/lib/src/dbread.c:3722:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	    strcat(cset->varname[k+j], sfx);
data/gretl-2020e/lib/src/dbread.c:3723:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(label, "%s in day %d of %s", dset->varname[i],
data/gretl-2020e/lib/src/dbread.c:3872:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(cset->varname[k+j], dset->varname[i]);
data/gretl-2020e/lib/src/dbread.c:3884:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	    strcat(cset->varname[k+j], sfx);
data/gretl-2020e/lib/src/dbread.c:3885:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(label, "%s in %s %d of %s", dset->varname[i],
data/gretl-2020e/lib/src/dbread.c:4249:9:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
    if (sscanf(dset->stobs, YMD_READ_FMT, &y1, &m1, &d1) != 3) {
data/gretl-2020e/lib/src/dbread.c:4252:9:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
    if (sscanf(dset->endobs, YMD_READ_FMT, &y2, &m2, &d2) != 3) {
data/gretl-2020e/lib/src/dbread.c:4345:2:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
	sscanf(obsstr, YMD_READ_FMT, &yr, &mon, &day);
data/gretl-2020e/lib/src/dbread.c:4417:6:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
	if (sscanf(obsstr, YMD_READ_FMT, &yr, &mon, &day) != 3) {
data/gretl-2020e/lib/src/dbread.c:4543:3:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
		sscanf(obs, YMD_READ_FMT, &y1, &m1, &d1);
data/gretl-2020e/lib/src/dbread.c:4591:2:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	sprintf(dset->stobs, YMD_WRITE_Y4_FMT, y1, m1, d1);
data/gretl-2020e/lib/src/dbread.c:4905:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(stobs, dset->S[min_startskip]);
data/gretl-2020e/lib/src/dbread.c:4921:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(dset->stobs, stobs);
data/gretl-2020e/lib/src/dbread.c:5035:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(stobs, dset->stobs);
data/gretl-2020e/lib/src/dbread.c:5058:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(dset->stobs, stobs);
data/gretl-2020e/lib/src/dbwrite.c:352:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(idxcpy, idxname);
data/gretl-2020e/lib/src/dbwrite.c:355:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(bincpy, binname);
data/gretl-2020e/lib/src/dbwrite.c:489:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(base, fname);
data/gretl-2020e/lib/src/dbwrite.c:495:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(idxname, base);
data/gretl-2020e/lib/src/dbwrite.c:514:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(binname, base);
data/gretl-2020e/lib/src/describe.c:1282:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(freq->varname, vname);
data/gretl-2020e/lib/src/describe.c:2672:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(tab->rvarname, dset->varname[rv]);
data/gretl-2020e/lib/src/describe.c:2673:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(tab->cvarname, dset->varname[cv]);
data/gretl-2020e/lib/src/describe.c:2753:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(tab->rvarname, dset->varname[rv]);
data/gretl-2020e/lib/src/describe.c:2754:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(tab->cvarname, dset->varname[cv]);
data/gretl-2020e/lib/src/describe.c:3942:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(title, _("Correlations of %s and lagged %s"),
data/gretl-2020e/lib/src/describe.c:5042:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(fmt, "%%%s%d.%d%c", s, len, prec, t);
data/gretl-2020e/lib/src/describe.c:6496:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(tmp, _("%s, using the observations %s - %s"),
data/gretl-2020e/lib/src/forecast.c:407:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(fr->depvar, dvname);
data/gretl-2020e/lib/src/forecast.c:412:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(fr->depvar, dset->varname[dv]);
data/gretl-2020e/lib/src/forecast.c:1233:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(formula, "$nl_y = %s", nlfunc);
data/gretl-2020e/lib/src/forecast.c:1256:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(formula, pmod->depvar);
data/gretl-2020e/lib/src/forecast.c:1342:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(formula, "$midas_y=%s", mdsfunc);
data/gretl-2020e/lib/src/forecast.c:1360:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(formula, "%s=%s", dset->varname[yno], mdsfunc);
data/gretl-2020e/lib/src/forecast.c:1409:4:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
   vfprintf(stderr, format, args);
data/gretl-2020e/lib/src/forecast.c:2980:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(fr->depvar, dset->varname[yno]);
data/gretl-2020e/lib/src/forecast.c:3563:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(dset->varname[v], vname);
data/gretl-2020e/lib/src/forecast.c:3702:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(fr->depvar, dset->varname[yno]);
data/gretl-2020e/lib/src/forecast.c:4300:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(fr->depvar, dset->varname[pmod->list[1]]);
data/gretl-2020e/lib/src/geneval.c:82:5:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    vfprintf(stderr, format, args);
data/gretl-2020e/lib/src/geneval.c:2508:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(p->dset->varname[vnew], p->lh.name);
data/gretl-2020e/lib/src/geneval.c:2566:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(slr, "%s.%s", Sl[i], Sr[j]);
data/gretl-2020e/lib/src/geneval.c:7801:17:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
                strcat(ret->v.str, l->v.str);
data/gretl-2020e/lib/src/geneval.c:7802:17:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
                strcat(ret->v.str, r->v.str);
data/gretl-2020e/lib/src/geneval.c:11024:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(s1, tmp);
data/gretl-2020e/lib/src/geneval.c:14814:17:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                strcpy(p->dset->varname[vnum], vname);
data/gretl-2020e/lib/src/geneval.c:15286:17:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
            if (sscanf(obs, YMD_READ_FMT, &y, &m, &d) != 3) {
data/gretl-2020e/lib/src/geneval.c:15864:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(msg, "'%s': expected %s", n->vname, getsymb(n->t));
data/gretl-2020e/lib/src/geneval.c:15880:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat(msg, add);
data/gretl-2020e/lib/src/geneval.c:18062:21:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                    strcpy(p->dset->varname[v], S[i]);
data/gretl-2020e/lib/src/geneval.c:18180:17:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                strcpy(opstr, test);
data/gretl-2020e/lib/src/geneval.c:18194:21:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                    strcpy(p->lh.name, lhs);
data/gretl-2020e/lib/src/geneval.c:18199:17:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                strcpy(p->lh.name, lhs);
data/gretl-2020e/lib/src/geneval.c:19087:17:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                strcpy(newstr, orig);
data/gretl-2020e/lib/src/geneval.c:19088:17:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
                strcat(newstr, src);
data/gretl-2020e/lib/src/geneval.c:19747:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(p->dset->varname[v], p->lh.name);
data/gretl-2020e/lib/src/genfuncs.c:2951:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(vname, "%s%d", dumstr, k);
data/gretl-2020e/lib/src/genfuncs.c:2952:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(vlabel, _("%s = 1 if period is %d, 0 otherwise"), vname, k);
data/gretl-2020e/lib/src/genfuncs.c:3066:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(dset->varname[vi], vname);
data/gretl-2020e/lib/src/genfuncs.c:3300:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(dset->varname[dnum], vname);
data/gretl-2020e/lib/src/genfuncs.c:3301:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(label, _("%s = 1 if %s is %d, 0 otherwise"), vname,
data/gretl-2020e/lib/src/genfuncs.c:3331:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(dset->varname[dnum], vname);
data/gretl-2020e/lib/src/genfuncs.c:3332:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(label, _("%s = 1 if %s is %d, 0 otherwise"), vname,
data/gretl-2020e/lib/src/genfuncs.c:3902:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(dset->varname[v], vname);
data/gretl-2020e/lib/src/genfuncs.c:5151:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
			sprintf(rname, "c%s_%d", lname, i + minlag);
data/gretl-2020e/lib/src/genfuncs.c:5153:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
			sprintf(rname, "%s_%d", lname, i + minlag);
data/gretl-2020e/lib/src/genfuncs.c:5156:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		    sprintf(rname, "%s_%d", cumulate ? "cmult" : "mult",
data/gretl-2020e/lib/src/genfuncs.c:5221:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(vname, "%s%d", prefix, i+1);
data/gretl-2020e/lib/src/genfuncs.c:5248:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(dset->varname[k], "%s%d", prefix, f_ratio - i);
data/gretl-2020e/lib/src/genfuncs.c:5249:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(label, "%s in sub-period %d", prefix, f_ratio - i);
data/gretl-2020e/lib/src/genfuncs.c:7811:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(obs1, stobs);
data/gretl-2020e/lib/src/genfuncs.c:7812:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(obs2, endobs);
data/gretl-2020e/lib/src/genfuncs.c:7834:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(dset.stobs, obs1);
data/gretl-2020e/lib/src/genmain.c:172:9:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
    if (sscanf(s, fmt, vname, &lag) == 2) {
data/gretl-2020e/lib/src/genmain.c:364:9:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
    if (sscanf(s, fmt, lname, vname) == 2) {
data/gretl-2020e/lib/src/genmain.c:630:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(p->lh.name, s);
data/gretl-2020e/lib/src/genmain.c:731:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(spec, s);
data/gretl-2020e/lib/src/gmm.c:409:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(s->oc->ecols[n+j].mname, mname);
data/gretl-2020e/lib/src/gmm.c:689:9:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
    if (sscanf(str, fmt, lname, rname) != 2) {
data/gretl-2020e/lib/src/graphing.c:207:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(gnuplot_path, gretl_gnuplot_path());
data/gretl-2020e/lib/src/graphing.c:299:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(gnuplot_path, gretl_gnuplot_path());
data/gretl-2020e/lib/src/graphing.c:342:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(gnuplot_path, "%sgnuplot", gretl_bindir());
data/gretl-2020e/lib/src/graphing.c:526:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(ad_hoc_font, s);
data/gretl-2020e/lib/src/graphing.c:962:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(name, s);
data/gretl-2020e/lib/src/graphing.c:978:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(fstr, " font \"%s,%d\"", name, ptsize);
data/gretl-2020e/lib/src/graphing.c:980:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(fstr, " font \"%s\"", name);
data/gretl-2020e/lib/src/graphing.c:1027:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(fstr, " font \"%s,%d\"", fname, fsize);
data/gretl-2020e/lib/src/graphing.c:1029:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(fstr, " font \"%s\"", fname);
data/gretl-2020e/lib/src/graphing.c:1032:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(ad_hoc_fontspec, grfont);
data/gretl-2020e/lib/src/graphing.c:1049:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(fstr, "%s,%d", fname, fsize);
data/gretl-2020e/lib/src/graphing.c:1051:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(fstr, "%s,%d", fname, stdsize);
data/gretl-2020e/lib/src/graphing.c:1169:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(gp_style, "%s.gpsty", style);
data/gretl-2020e/lib/src/graphing.c:1252:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(targ, tmp);
data/gretl-2020e/lib/src/graphing.c:1263:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(targ, src);
data/gretl-2020e/lib/src/graphing.c:1380:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(s, size_str);
data/gretl-2020e/lib/src/graphing.c:1405:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(term_line, "set term pdfcairo noenhanced font \"%s\"",
data/gretl-2020e/lib/src/graphing.c:1426:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(term_line, "set term epscairo noenhanced font \"%s\"",
data/gretl-2020e/lib/src/graphing.c:1522:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(term_line, "set term %s%s%s noenhanced",
data/gretl-2020e/lib/src/graphing.c:1546:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(term_line, "set term pngcairo%s%s noenhanced",
data/gretl-2020e/lib/src/graphing.c:1553:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(term_line, ad_hoc_fontspec);
data/gretl-2020e/lib/src/graphing.c:1600:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(ad_hoc_font, font);
data/gretl-2020e/lib/src/graphing.c:1665:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(fstr, "font \"%s,%d\"", fname, fsize);
data/gretl-2020e/lib/src/graphing.c:1669:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(fstr, "font \"%s,%d\"", fname, fsize);
data/gretl-2020e/lib/src/graphing.c:1672:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(fstr, "font \"%s,%d\"", fname, stdsize);
data/gretl-2020e/lib/src/graphing.c:1704:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(term_line, size_string);
data/gretl-2020e/lib/src/graphing.c:1709:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(term_line, font_string);
data/gretl-2020e/lib/src/graphing.c:1900:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(gnuplot_outname, optname);
data/gretl-2020e/lib/src/graphing.c:1902:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(fname, "%sgpttmp.XXXXXX", gretl_dotdir());
data/gretl-2020e/lib/src/graphing.c:1907:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(fname, optname);
data/gretl-2020e/lib/src/graphing.c:1966:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(fname, "%sgpttmp.XXXXXX", gretl_dotdir());
data/gretl-2020e/lib/src/graphing.c:1970:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(fname, "%sgpttmp.plt", gretl_dotdir());
data/gretl-2020e/lib/src/graphing.c:2116:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(gnuplot_path, gretl_gnuplot_path());
data/gretl-2020e/lib/src/graphing.c:2276:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(buf, "\"%s\" \"%s\"", gretl_gnuplot_path(), fname);
data/gretl-2020e/lib/src/graphing.c:2279:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(buf, "\"%s\" -persist \"%s\"", gretl_gnuplot_path(), fname);
data/gretl-2020e/lib/src/graphing.c:2284:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(buf, "%s \"%s\"", gretl_gnuplot_path(), fname);
data/gretl-2020e/lib/src/graphing.c:2287:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(buf, "%s -persist \"%s\"", gretl_gnuplot_path(), fname);
data/gretl-2020e/lib/src/graphing.c:2386:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(title, _("%s versus %s (with least squares fit)"),
data/gretl-2020e/lib/src/graphing.c:2389:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(title, _("%s versus %s (with inverse fit)"),
data/gretl-2020e/lib/src/graphing.c:2392:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(title, _("%s versus %s (with quadratic fit)"),
data/gretl-2020e/lib/src/graphing.c:2395:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(title, _("%s versus %s (with cubic fit)"),
data/gretl-2020e/lib/src/graphing.c:2402:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(title, _("Regression residuals (= observed - fitted %s)"),
data/gretl-2020e/lib/src/graphing.c:2407:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(title, _("Actual and fitted %s"), s1);
data/gretl-2020e/lib/src/graphing.c:2411:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(title, _("Actual and fitted %s"), s1);
data/gretl-2020e/lib/src/graphing.c:2413:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(title, _("Actual and fitted %s versus %s"), s1, s2);
data/gretl-2020e/lib/src/graphing.c:2654:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(title, _("%s versus %s (with loess fit)"), s1, s2);
data/gretl-2020e/lib/src/graphing.c:3530:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(datestr, dset->S[dset->t1]);
data/gretl-2020e/lib/src/graphing.c:3622:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(mname, tmp);
data/gretl-2020e/lib/src/graphing.c:4046:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(xlabel, series_get_graph_name(dset, v));
data/gretl-2020e/lib/src/graphing.c:4238:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(s1, (gi.flags & GPT_RESIDS)? _("residual") :
data/gretl-2020e/lib/src/graphing.c:4240:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(s2, series_get_graph_name(dset, dv));
data/gretl-2020e/lib/src/graphing.c:4282:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(s1, series_get_graph_name(dset, list[i]));
data/gretl-2020e/lib/src/graphing.c:4855:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(fname, "%sgpttmp.plt", gretl_dotdir());
data/gretl-2020e/lib/src/graphing.c:5094:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(s, "%s(2) = %.3f [%.4f]", _("Chi-square"), v, pv);
data/gretl-2020e/lib/src/graphing.c:5354:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(label, freq->S[i]);
data/gretl-2020e/lib/src/graphing.c:6157:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(targ, "#%s", s + 2);
data/gretl-2020e/lib/src/graphing.c:6165:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(targ, s);
data/gretl-2020e/lib/src/graphing.c:6176:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(fname, "%sdata%cgnuplot%cgpcolors.txt",
data/gretl-2020e/lib/src/graphing.c:6186:11:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
		    if (sscanf(line, "%s %s", cname, rgb) == 2 &&
data/gretl-2020e/lib/src/graphing.c:6188:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
			sprintf(targ, "#%s", rgb);
data/gretl-2020e/lib/src/graphing.c:6425:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(xname, series_get_graph_name(dset, xno));
data/gretl-2020e/lib/src/graphing.c:6454:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(yname, series_get_graph_name(dset, gi->list[1]));
data/gretl-2020e/lib/src/graphing.c:6552:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(lspec, "lc rgb \"%s\"", rgb);
data/gretl-2020e/lib/src/graphing.c:7074:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(gset->varname[1], dset->varname[vnum]);
data/gretl-2020e/lib/src/graphing.c:7149:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(gset->varname[1], dset->varname[yvar]);
data/gretl-2020e/lib/src/graphing.c:7152:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(gset->varname[2], dset->varname[xvar]);
data/gretl-2020e/lib/src/graphing.c:7179:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(gset->S[i], get_panel_group_name(dset, s0));
data/gretl-2020e/lib/src/graphing.c:7198:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(targ, gretl_utf8_truncate(tmp, len));
data/gretl-2020e/lib/src/graphing.c:7320:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(s0, s1);
data/gretl-2020e/lib/src/graphing.c:7416:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(gset->varname[i+1], dset->varname[vnum]);
data/gretl-2020e/lib/src/graphing.c:7431:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(gset->varname[i+1], dset->S[s]);
data/gretl-2020e/lib/src/graphing.c:7594:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(uname, dset->S[s]);
data/gretl-2020e/lib/src/graphing.c:7792:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(title, _("response of %s to a shock in %s, "
data/gretl-2020e/lib/src/graphing.c:7797:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(title, _("response of %s to a shock in %s"),
data/gretl-2020e/lib/src/graphing.c:8038:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(title, "%s -> %s", dset->varname[vshock],
data/gretl-2020e/lib/src/graphing.c:8707:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(s, _("Spectrum of %s"), vname);
data/gretl-2020e/lib/src/graphing.c:9023:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(title, _("Q-Q plot for %s"), series_get_graph_name(dset, v));
data/gretl-2020e/lib/src/graphing.c:9208:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(hset->varname[1], dset->varname[list[1]]);
data/gretl-2020e/lib/src/graphing.c:9229:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(hset->varname[i+1], dset->varname[vi]);
data/gretl-2020e/lib/src/graphing.c:9346:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(dname, _("adjusted %s"), dset->varname[vy]);
data/gretl-2020e/lib/src/graphing.c:9349:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(dname, _("adjusted %s"), dset->varname[vx]);
data/gretl-2020e/lib/src/gretl_array.c:390:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		    strcat(s, A->data[i]);
data/gretl-2020e/lib/src/gretl_array.c:392:4:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
			strcat(s, sep);
data/gretl-2020e/lib/src/gretl_bundle.c:2400:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(fullname, fname);
data/gretl-2020e/lib/src/gretl_bundle.c:2505:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(fullname, fname);
data/gretl-2020e/lib/src/gretl_errors.c:317:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	    strcat(gretl_errmsg, str);
data/gretl-2020e/lib/src/gretl_errors.c:343:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(gretl_errmsg, s);
data/gretl-2020e/lib/src/gretl_errors.c:353:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(gretl_errmsg, str);
data/gretl-2020e/lib/src/gretl_errors.c:405:2:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	vsnprintf(gretl_errmsg, ERRLEN, fmt, ap);
data/gretl-2020e/lib/src/gretl_errors.c:424:6:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	    vsnprintf(tmp, n, fmt, ap);
data/gretl-2020e/lib/src/gretl_errors.c:430:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	    strcat(gretl_errmsg, tmp);
data/gretl-2020e/lib/src/gretl_errors.c:441:5:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    vsnprintf(gretl_errmsg, ERRLEN, fmt, ap);
data/gretl-2020e/lib/src/gretl_errors.c:461:5:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    vsnprintf(gretl_warnmsg, ERRLEN, fmt, ap);
data/gretl-2020e/lib/src/gretl_foreign.c:273:12:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
		    nf = sscanf(line, fmt, host, &slots);
data/gretl-2020e/lib/src/gretl_foreign.c:492:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(rscript, rbin);
data/gretl-2020e/lib/src/gretl_func.c:3560:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(dirname, fname);
data/gretl-2020e/lib/src/gretl_func.c:3783:4:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
			strcat(line, cont);
data/gretl-2020e/lib/src/gretl_func.c:3890:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	    strcat(dtdname, dpath);
data/gretl-2020e/lib/src/gretl_func.c:3893:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(dtdname, "%sfunctions%cgretlfunc.dtd", gretl_home(), SLASH);
data/gretl-2020e/lib/src/gretl_func.c:4092:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(gfnname, fname);
data/gretl-2020e/lib/src/gretl_func.c:5588:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(mpi_caller, caller);
data/gretl-2020e/lib/src/gretl_func.c:7135:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(fun->name, name);
data/gretl-2020e/lib/src/gretl_func.c:7492:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(dset->varname[v], fp->name);
data/gretl-2020e/lib/src/gretl_func.c:8264:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(dset->varname[v], arg->upname);
data/gretl-2020e/lib/src/gretl_func.c:8312:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(oi->stobs, dset->stobs);
data/gretl-2020e/lib/src/gretl_func.c:8871:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(formula, "$retval=%s", s);
data/gretl-2020e/lib/src/gretl_func.c:9127:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(state->line, return_line);
data/gretl-2020e/lib/src/gretl_func.c:9250:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(line, u->lines[i].s);
data/gretl-2020e/lib/src/gretl_help.c:263:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		    strcat(fullname, SLASHSTR);
data/gretl-2020e/lib/src/gretl_help.c:264:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		    strcat(fullname, basename);
data/gretl-2020e/lib/src/gretl_help.c:287:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(test, "%s.gfn", targ);
data/gretl-2020e/lib/src/gretl_help.c:304:15:  [4] (shell) ShellExecute:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    if ((int) ShellExecute(NULL, "open", fname, NULL, NULL, SW_SHOW) <= 32) {
data/gretl-2020e/lib/src/gretl_help.c:317:11:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    err = system(syscmd);
data/gretl-2020e/lib/src/gretl_help.c:420:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(helpfile, helpfile_path(GRETL_FUNCREF, 1, 0));
data/gretl-2020e/lib/src/gretl_help.c:439:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(helpfile, helpfile_path(GRETL_CMDREF, 1, 0));
data/gretl-2020e/lib/src/gretl_help.c:441:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(helpfile, helpfile_path(GRETL_FUNCREF, 1, 0));
data/gretl-2020e/lib/src/gretl_intl.c:739:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(lfix, "%s.UTF-8", lang);
data/gretl-2020e/lib/src/gretl_intl.c:798:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(lfix, "%s.UTF-8", lcode);
data/gretl-2020e/lib/src/gretl_intl.c:810:6:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
	    sscanf(langstr, "%s", tmp);
data/gretl-2020e/lib/src/gretl_intl.c:1395:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(s, tmp);
data/gretl-2020e/lib/src/gretl_intl.c:1419:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(s, tmp);
data/gretl-2020e/lib/src/gretl_list.c:971:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat(buf, numstr);
data/gretl-2020e/lib/src/gretl_list.c:1033:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat(buf, dset->varname[vi]);
data/gretl-2020e/lib/src/gretl_list.c:1131:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	    strcat(buf, dset->varname[vi]);
data/gretl-2020e/lib/src/gretl_list.c:1235:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	    strcat(buf, numstr);
data/gretl-2020e/lib/src/gretl_list.c:1730:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(vname, "%.*s_%.*s_%s", ilen, si, jlen, sj, numstr);
data/gretl-2020e/lib/src/gretl_list.c:1740:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(label, "interaction of %s and (%s == %g)", si, sj, val);
data/gretl-2020e/lib/src/gretl_list.c:1861:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				strcpy(dset->varname[v], vname);
data/gretl-2020e/lib/src/gretl_list.c:3143:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(chkname, tmp);
data/gretl-2020e/lib/src/gretl_list.c:3253:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(chkname, S[j]);
data/gretl-2020e/lib/src/gretl_list.c:3274:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    strcpy(chkname, S[j]);
data/gretl-2020e/lib/src/gretl_list.c:3276:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		    sprintf(chkname, "%s%0*d", prefix, slen, j+1);
data/gretl-2020e/lib/src/gretl_list.c:3281:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    strcpy(dset->varname[vj], chkname);
data/gretl-2020e/lib/src/gretl_matrix.c:3785:6:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	    fprintf(stderr, fmt, gretl_matrix_get(m, i, j));
data/gretl-2020e/lib/src/gretl_midas.c:346:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(mset->varname[0], dset->varname[list[1]]);
data/gretl-2020e/lib/src/gretl_midas.c:399:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(mset->stobs, mset->S[0]);
data/gretl-2020e/lib/src/gretl_midas.c:400:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(mset->endobs, mset->S[mset->t2]);
data/gretl-2020e/lib/src/gretl_midas.c:705:7:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
	ns = sscanf(s, fmt, lname, p1str, p2str, typestr, mname);
data/gretl-2020e/lib/src/gretl_midas.c:719:7:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
	ns = sscanf(s, fmt, lname, typestr, mname);
data/gretl-2020e/lib/src/gretl_midas.c:784:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(mt->lnam0, lname);
data/gretl-2020e/lib/src/gretl_midas.c:785:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(mt->lname, lname);
data/gretl-2020e/lib/src/gretl_midas.c:787:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(mt->mname, mname);
data/gretl-2020e/lib/src/gretl_midas.c:1322:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		    sprintf(tmp, "%+.15g*%s(-%d)", b[j++],
data/gretl-2020e/lib/src/gretl_midas.c:1325:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		    sprintf(tmp, "%+.15g*%s", b[j++],
data/gretl-2020e/lib/src/gretl_midas.c:1329:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	    strcat(line, tmp);
data/gretl-2020e/lib/src/gretl_midas.c:2277:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(mt->lname, gretl_bundle_get_string(b, "lname", err));
data/gretl-2020e/lib/src/gretl_midas.c:2333:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(targ, _("MIDAS list %s, high-frequency lags %d to %d"),
data/gretl-2020e/lib/src/gretl_midas.c:2622:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(s, pname);
data/gretl-2020e/lib/src/gretl_midas.c:2639:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(targ, dset->varname[list[i+1]]);
data/gretl-2020e/lib/src/gretl_midas.c:2658:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(tmp, dset->varname[mi->xlist[i]]);
data/gretl-2020e/lib/src/gretl_midas.c:2754:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(line, "nls %s = ", dset->varname[list[1]]);
data/gretl-2020e/lib/src/gretl_midas.c:2765:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(line, tmp);
data/gretl-2020e/lib/src/gretl_midas.c:2773:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(line, "series mlc___%d = lincomb(%s, %s)",
data/gretl-2020e/lib/src/gretl_midas.c:2776:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(line, "series mlc___%d = mlincomb(%s, %s, %d)",
data/gretl-2020e/lib/src/gretl_midas.c:2781:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(line, "matrix mgr___%d = mgradient(%d, %s, %d)",
data/gretl-2020e/lib/src/gretl_midas.c:2800:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(line, "deriv %s = bmlc___%d * {%s} * mgr___%d",
data/gretl-2020e/lib/src/gretl_midas.c:2803:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(line, "deriv %s = {%s} * mgr___%d",
data/gretl-2020e/lib/src/gretl_midas.c:2806:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(line, "deriv %s = {%s}", mt->mname, mt->lname);
data/gretl-2020e/lib/src/gretl_midas.c:2814:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(line, "param_names \"%s\"", mi->pnames);
data/gretl-2020e/lib/src/gretl_model.c:918:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(cname, orig);
data/gretl-2020e/lib/src/gretl_model.c:979:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(targ, dset->varname[pmod->list[j]]);
data/gretl-2020e/lib/src/gretl_model.c:998:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(targ, dset->varname[pmod->list[j]]);
data/gretl-2020e/lib/src/gretl_model.c:1003:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(targ, pmod->params[k]);
data/gretl-2020e/lib/src/gretl_model.c:1064:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(pname, s);
data/gretl-2020e/lib/src/gretl_model.c:4400:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(str, "max $\\chi^2(%d)$ = %g (%s)", test->dfn,
data/gretl-2020e/lib/src/gretl_model.c:4403:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(str, _("chi-square(%d) = %g at observation %s"),
data/gretl-2020e/lib/src/gretl_model.c:4428:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(str, "%s(2) = %g", _("Chi-square"), test->value);
data/gretl-2020e/lib/src/gretl_model.c:4436:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(str, "$\\chi^2(%d)$ = NA (%s)", test->dfn, A_("failed"));
data/gretl-2020e/lib/src/gretl_model.c:4442:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(str, "%s(%d) = NA (%s)", _("Chi-square"), test->dfn,
data/gretl-2020e/lib/src/gretl_model.c:4445:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(str, "%s(%d) = %g", _("Chi-square"), test->dfn, test->value);
data/gretl-2020e/lib/src/gretl_model.c:4477:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	else sprintf(str, "P(%s(%d) > %g) = %g", _("Chi-square"),
data/gretl-2020e/lib/src/gretl_model.c:4652:6:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	    sprintf(buf, A_("%g percent critical value"), a);
data/gretl-2020e/lib/src/gretl_model.c:4655:6:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	    sprintf(buf, A_("%g percent critical value"), a);
data/gretl-2020e/lib/src/gretl_model.c:4972:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(targ, src);
data/gretl-2020e/lib/src/gretl_model.c:5391:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(cs->str, tmp);
data/gretl-2020e/lib/src/gretl_model.c:6328:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	    strcat(buf, numstr);
data/gretl-2020e/lib/src/gretl_model.c:6615:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(pmod->params[0], dset->varname[0]);
data/gretl-2020e/lib/src/gretl_model.c:6644:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(pmod->params[j++], dset->varname[pmod->list[xstart+i]]);
data/gretl-2020e/lib/src/gretl_model.c:6687:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(pmod->params[i], dset->varname[v]);
data/gretl-2020e/lib/src/gretl_model.c:7456:9:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
    if (sscanf(s, fmt, v1str, v2str) != 2) {
data/gretl-2020e/lib/src/gretl_mpi.c:964:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(buf, "%d %s %d", type, key, n);
data/gretl-2020e/lib/src/gretl_mpi.c:979:9:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
    if (sscanf(buf, "%d %s %d", &t, key, size) != 3) {
data/gretl-2020e/lib/src/gretl_panel.c:979:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(wset->varname[j], dset->varname[vj]);
data/gretl-2020e/lib/src/gretl_panel.c:1115:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(rset->varname[k], dset->varname[vj]);
data/gretl-2020e/lib/src/gretl_panel.c:1223:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(ginfo->varname[k], dset->varname[vj]);
data/gretl-2020e/lib/src/gretl_panel.c:1227:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(gset->varname[k], dset->varname[vj]);
data/gretl-2020e/lib/src/gretl_panel.c:3488:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    strcpy(glsmat, s);
data/gretl-2020e/lib/src/gretl_panel.c:5013:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(markers[t], dset->S[t]);
data/gretl-2020e/lib/src/gretl_panel.c:5019:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(dset->S[s++], markers[t * n + j]);
data/gretl-2020e/lib/src/gretl_panel.c:5025:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(dset->S[s++], markers[j * T + t]);
data/gretl-2020e/lib/src/gretl_panel.c:5336:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(S[t], dset->S[t]);
data/gretl-2020e/lib/src/gretl_panel.c:5342:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(dset->S[t], S[s.points[t].obsnum]);
data/gretl-2020e/lib/src/gretl_panel.c:5464:10:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		       strcpy(S[s], dset->S[t]);
data/gretl-2020e/lib/src/gretl_panel.c:5545:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(S[s], dset->S[t]);
data/gretl-2020e/lib/src/gretl_panel.c:5601:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(si, S[t]);
data/gretl-2020e/lib/src/gretl_panel.c:5608:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    strcpy(S[t++], si);
data/gretl-2020e/lib/src/gretl_panel.c:6159:6:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
	if (sscanf(dset->endobs, "%[^:]:%s", unit, period) == 2) {
data/gretl-2020e/lib/src/gretl_panel.c:6173:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(test, vname);
data/gretl-2020e/lib/src/gretl_paths.c:159:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(hpath, "%s%s", paths.gretldir, en ? helpfiles[i] :
data/gretl-2020e/lib/src/gretl_paths.c:190:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(test, "%s%s", paths.gretldir, _(helpfiles[i]));
data/gretl-2020e/lib/src/gretl_paths.c:219:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(fname, sfx);
data/gretl-2020e/lib/src/gretl_paths.c:974:11:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    err = access(fname, W_OK);
data/gretl-2020e/lib/src/gretl_paths.c:1034:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(temp, path);
data/gretl-2020e/lib/src/gretl_paths.c:1038:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(temp, SLASHSTR);
data/gretl-2020e/lib/src/gretl_paths.c:1041:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(temp, file);
data/gretl-2020e/lib/src/gretl_paths.c:1042:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(file, temp);
data/gretl-2020e/lib/src/gretl_paths.c:1062:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(tmp, finddir);
data/gretl-2020e/lib/src/gretl_paths.c:1064:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(tmp, fdata->cFileName);
data/gretl-2020e/lib/src/gretl_paths.c:1066:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(tmp, targ);
data/gretl-2020e/lib/src/gretl_paths.c:1082:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(targ, tmp);
data/gretl-2020e/lib/src/gretl_paths.c:1091:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(targ, src);
data/gretl-2020e/lib/src/gretl_paths.c:1100:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(targ, tmp);
data/gretl-2020e/lib/src/gretl_paths.c:1160:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(tmp, finddir);
data/gretl-2020e/lib/src/gretl_paths.c:1161:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(tmp, dname);
data/gretl-2020e/lib/src/gretl_paths.c:1163:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(tmp, targ);
data/gretl-2020e/lib/src/gretl_paths.c:1179:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(targ, tmp);
data/gretl-2020e/lib/src/gretl_paths.c:1190:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(targ, src);
data/gretl-2020e/lib/src/gretl_paths.c:1205:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(tmp, topdir);
data/gretl-2020e/lib/src/gretl_paths.c:1206:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(tmp, dname);
data/gretl-2020e/lib/src/gretl_paths.c:1254:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(orig, fname);
data/gretl-2020e/lib/src/gretl_paths.c:1287:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(fname, orig);
data/gretl-2020e/lib/src/gretl_paths.c:1358:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(dirname, gretl_workdir());
data/gretl-2020e/lib/src/gretl_paths.c:1372:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(dirname, wd);
data/gretl-2020e/lib/src/gretl_paths.c:1436:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		    sprintf(path, "%s%c%s%c%s.gfn", fndir, SLASH,
data/gretl-2020e/lib/src/gretl_paths.c:1454:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    strcpy(test, dname);
data/gretl-2020e/lib/src/gretl_paths.c:1458:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
			sprintf(path, "%s%c%s", fndir, SLASH, dname);
data/gretl-2020e/lib/src/gretl_paths.c:1508:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(tmp, "%s%c%s", dirname, SLASH, dname);
data/gretl-2020e/lib/src/gretl_paths.c:1513:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(fullname, tmp);
data/gretl-2020e/lib/src/gretl_paths.c:1527:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(tmp, "%s%c%s", dirname, SLASH, dname);
data/gretl-2020e/lib/src/gretl_paths.c:1663:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(orig, fname);
data/gretl-2020e/lib/src/gretl_paths.c:1670:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(fname, orig);
data/gretl-2020e/lib/src/gretl_paths.c:1693:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(fname, orig);
data/gretl-2020e/lib/src/gretl_paths.c:1710:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(fname, orig);
data/gretl-2020e/lib/src/gretl_paths.c:1718:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(trydir, "%sscripts", gpath);
data/gretl-2020e/lib/src/gretl_paths.c:1723:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    strcpy(fname, orig);
data/gretl-2020e/lib/src/gretl_paths.c:1724:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		    sprintf(trydir, "%sfunctions", gpath);
data/gretl-2020e/lib/src/gretl_paths.c:1732:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(trydir, "%sdb", gpath);
data/gretl-2020e/lib/src/gretl_paths.c:1739:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(trydir, "%sdata", gpath);
data/gretl-2020e/lib/src/gretl_paths.c:1747:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(fname, orig);
data/gretl-2020e/lib/src/gretl_paths.c:1759:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(trydir, "%sscripts", gpath);
data/gretl-2020e/lib/src/gretl_paths.c:1764:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    strcpy(fname, orig);
data/gretl-2020e/lib/src/gretl_paths.c:1765:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		    sprintf(trydir, "%sfunctions", gpath);
data/gretl-2020e/lib/src/gretl_paths.c:1773:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(trydir, "%sdb", gpath);
data/gretl-2020e/lib/src/gretl_paths.c:1780:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(trydir, "%sdata", gpath);
data/gretl-2020e/lib/src/gretl_paths.c:1788:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(fname, orig);
data/gretl-2020e/lib/src/gretl_paths.c:1799:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(fname, orig);
data/gretl-2020e/lib/src/gretl_paths.c:1816:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(fname, orig);
data/gretl-2020e/lib/src/gretl_paths.c:1827:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(fname, orig);
data/gretl-2020e/lib/src/gretl_paths.c:1846:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(ret, homedir);
data/gretl-2020e/lib/src/gretl_paths.c:1847:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	    strcat(ret, fname + 1);
data/gretl-2020e/lib/src/gretl_paths.c:1870:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(tmp, homedir);
data/gretl-2020e/lib/src/gretl_paths.c:1871:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	    strcat(tmp, fname + 1);
data/gretl-2020e/lib/src/gretl_paths.c:1872:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(fname, tmp);
data/gretl-2020e/lib/src/gretl_paths.c:1893:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(fname, pkgpath);
data/gretl-2020e/lib/src/gretl_paths.c:2023:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(paths.plugpath, path);
data/gretl-2020e/lib/src/gretl_paths.c:2024:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(paths.plugpath, PLUGIN_SFX);
data/gretl-2020e/lib/src/gretl_paths.c:2044:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(paths.plugpath, path);
data/gretl-2020e/lib/src/gretl_paths.c:2049:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(paths.plugpath, PLUGIN_SFX);
data/gretl-2020e/lib/src/gretl_paths.c:2058:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(paths.binbase, "%sdb", path);
data/gretl-2020e/lib/src/gretl_paths.c:2083:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(dirname, paths.dotdir);
data/gretl-2020e/lib/src/gretl_paths.c:2105:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(dirname, "%s%coutput", paths.tramodir, SLASH);
data/gretl-2020e/lib/src/gretl_paths.c:2108:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(dirname, "%s%cgraph", paths.tramodir, SLASH);
data/gretl-2020e/lib/src/gretl_paths.c:2114:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(dirname, "%s%cgraph%cacf", paths.tramodir, SLASH, SLASH);
data/gretl-2020e/lib/src/gretl_paths.c:2116:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(dirname, "%s%cgraph%cfilters", paths.tramodir, SLASH, SLASH);
data/gretl-2020e/lib/src/gretl_paths.c:2118:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(dirname, "%s%cgraph%cforecast", paths.tramodir, SLASH, SLASH);
data/gretl-2020e/lib/src/gretl_paths.c:2120:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(dirname, "%s%cgraph%cseries", paths.tramodir, SLASH, SLASH);
data/gretl-2020e/lib/src/gretl_paths.c:2122:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(dirname, "%s%cgraph%cspectra", paths.tramodir, SLASH, SLASH);
data/gretl-2020e/lib/src/gretl_paths.c:2178:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(bindir, paths.gretldir);
data/gretl-2020e/lib/src/gretl_paths.c:2215:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	    strcat(paths.plugpath, LIBDIR);
data/gretl-2020e/lib/src/gretl_paths.c:2217:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	    strcat(paths.plugpath, GRETL_PREFIX);
data/gretl-2020e/lib/src/gretl_paths.c:2222:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	    strcat(paths.plugpath, PLUGIN_SFX);
data/gretl-2020e/lib/src/gretl_paths.c:2256:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(default_workdir, "%s\\gretl\\", base);
data/gretl-2020e/lib/src/gretl_paths.c:2280:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(default_workdir, "%s/gretl/", home);
data/gretl-2020e/lib/src/gretl_paths.c:2373:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(paths.workdir, path);
data/gretl-2020e/lib/src/gretl_paths.c:2567:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(paths.pngfont, s);
data/gretl-2020e/lib/src/gretl_paths.c:2659:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(paths.gretldir, tmp);
data/gretl-2020e/lib/src/gretl_paths.c:2698:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(testname, "%sCOPYING", paths.gretldir);
data/gretl-2020e/lib/src/gretl_paths.c:2709:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(testname, "%sCOPYING", config_path);
data/gretl-2020e/lib/src/gretl_paths.c:2712:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(paths.gretldir, config_path);
data/gretl-2020e/lib/src/gretl_paths.c:2763:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(paths.gretldir, ghome);
data/gretl-2020e/lib/src/gretl_paths.c:2769:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(paths.gretldir, dirname);
data/gretl-2020e/lib/src/gretl_paths.c:2778:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(paths.gretldir, "%s\\gretl\\", progfiles);
data/gretl-2020e/lib/src/gretl_paths.c:2782:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(paths.gretldir, GRETL_PREFIX);
data/gretl-2020e/lib/src/gretl_paths.c:2797:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(dirname, paths.gretldir);
data/gretl-2020e/lib/src/gretl_paths.c:2872:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(paths.dotdir, "%s\\gretl\\", dirname);
data/gretl-2020e/lib/src/gretl_paths.c:2875:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(paths.dotdir, "%s\\user\\", paths.gretldir);
data/gretl-2020e/lib/src/gretl_paths.c:2880:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(paths.dotdir, "%s/.gretl/", dirname);
data/gretl-2020e/lib/src/gretl_paths.c:2923:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(targ, src);
data/gretl-2020e/lib/src/gretl_paths.c:2928:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(src, targ);
data/gretl-2020e/lib/src/gretl_paths.c:3023:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(targ, "%s\\gretl\\", home);
data/gretl-2020e/lib/src/gretl_paths.c:3026:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(targ, "%suser\\", paths.gretldir);
data/gretl-2020e/lib/src/gretl_paths.c:3037:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(targ, "%swgnuplot.exe", gretl_bindir());
data/gretl-2020e/lib/src/gretl_paths.c:3050:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(targ, "%s\\x13as\\x13as.exe", progfiles);
data/gretl-2020e/lib/src/gretl_paths.c:3052:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(targ, "%s\\tramo\\tramo.exe", pfx86);
data/gretl-2020e/lib/src/gretl_paths.c:3058:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(targ, "%s\\OxMetrics6\\Ox\\bin\\oxl.exe", progfiles);
data/gretl-2020e/lib/src/gretl_paths.c:3062:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(targ, "%s\\Stata\\stata.exe", progfiles);
data/gretl-2020e/lib/src/gretl_paths.c:3109:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(targ, "%s/gretl/", home);
data/gretl-2020e/lib/src/gretl_paths.c:3113:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(targ, home);
data/gretl-2020e/lib/src/gretl_paths.c:3142:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(targ, "%sgnuplot", gretl_bindir());
data/gretl-2020e/lib/src/gretl_paths.c:3162:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(paths.rlibpath, RLIBPATH);
data/gretl-2020e/lib/src/gretl_paths.c:3167:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(paths.oxlpath, app_paths[0]);
data/gretl-2020e/lib/src/gretl_paths.c:3169:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(paths.octpath, app_paths[1]);
data/gretl-2020e/lib/src/gretl_paths.c:3171:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(paths.statapath, app_paths[2]);
data/gretl-2020e/lib/src/gretl_paths.c:3202:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(s, SLASHSTR);
data/gretl-2020e/lib/src/gretl_paths.c:3212:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(targ, src);
data/gretl-2020e/lib/src/gretl_paths.c:3214:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(src, targ);
data/gretl-2020e/lib/src/gretl_paths.c:3218:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(src, targ);
data/gretl-2020e/lib/src/gretl_paths.c:3239:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(paths.gnuplot, "%swgnuplot.exe", paths.gretldir);
data/gretl-2020e/lib/src/gretl_paths.c:3289:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(paths.dotdir, paths.workdir);
data/gretl-2020e/lib/src/gretl_paths.c:3302:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    strcpy(paths.workdir, defpath);
data/gretl-2020e/lib/src/gretl_paths.c:3374:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(fname, tmp);
data/gretl-2020e/lib/src/gretl_paths.c:3399:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(fullname, fname);
data/gretl-2020e/lib/src/gretl_paths.c:3473:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(tmp, slash);
data/gretl-2020e/lib/src/gretl_paths.c:3516:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat(tmp, slash);
data/gretl-2020e/lib/src/gretl_paths.c:3517:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat(tmp, P[i]);
data/gretl-2020e/lib/src/gretl_paths.c:3520:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(path, tmp);
data/gretl-2020e/lib/src/gretl_paths.c:3549:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	    strcat(path, sep == '/' ? "/" : "\\");
data/gretl-2020e/lib/src/gretl_paths.c:3621:6:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
	if (sscanf(line, "%s", key) != 1) {
data/gretl-2020e/lib/src/gretl_paths.c:3723:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(rcfile, "%s/.gretl2rc", path);
data/gretl-2020e/lib/src/gretl_paths.c:3804:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(suppdir, "%s/Library/Application Support/gretl/functions",
data/gretl-2020e/lib/src/gretl_paths.c:3858:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(path, "%s%s", dirname, subdir);
data/gretl-2020e/lib/src/gretl_paths.c:3867:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(path, "%s%s", gretl_home(), subdir);
data/gretl-2020e/lib/src/gretl_paths.c:3922:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(targ, s1);
data/gretl-2020e/lib/src/gretl_paths.c:3923:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(targ, s2);
data/gretl-2020e/lib/src/gretl_paths.c:4014:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(targ, single_element);
data/gretl-2020e/lib/src/gretl_paths.c:4016:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(targ, last_trailing);
data/gretl-2020e/lib/src/gretl_paths.c:4093:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(targ, single_element);
data/gretl-2020e/lib/src/gretl_paths.c:4095:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(targ, last_trailing);
data/gretl-2020e/lib/src/gretl_plot.c:145:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat(literal, plot.lines[i]);
data/gretl-2020e/lib/src/gretl_prn.c:177:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(prn->fname, "%sprntmp.XXXXXX", dotdir);
data/gretl-2020e/lib/src/gretl_prn.c:1060:9:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	plen = vfprintf(prn->fp, format, args);
data/gretl-2020e/lib/src/gretl_prn.c:1096:12:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    plen = vsnprintf(prn->buf + prn->blen, rem, format, args);
data/gretl-2020e/lib/src/gretl_prn.c:1108:9:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	plen = vsnprintf(prn->buf + prn->blen, rem, format, args);
data/gretl-2020e/lib/src/gretl_prn.c:1133:2:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	vfprintf(prn->fp, format, args);
data/gretl-2020e/lib/src/gretl_prn.c:1156:12:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    plen = vsnprintf(prn->buf + prn->blen, rem, format, args);
data/gretl-2020e/lib/src/gretl_prn.c:1167:9:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	plen = vsnprintf(prn->buf + prn->blen, rem, format, args);
data/gretl-2020e/lib/src/gretl_prn.c:1223:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(prn->buf + prn->blen, s);
data/gretl-2020e/lib/src/gretl_restrict.c:2756:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(fncall, "%s(%s)", rset->rfunc, RCOEFFNAME);
data/gretl-2020e/lib/src/gretl_restrict.c:2956:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(bstr, "b[%s]", dset->varname[list[i]]);
data/gretl-2020e/lib/src/gretl_restrict.c:2962:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(line, bstr);
data/gretl-2020e/lib/src/gretl_string_table.c:1162:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(ret, s);
data/gretl-2020e/lib/src/gretl_string_table.c:1271:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(s, sub);
data/gretl-2020e/lib/src/gretl_string_table.c:1272:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(s + m, tmp);
data/gretl-2020e/lib/src/gretl_untar.c:110:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(fname, buffer.header.name);
data/gretl-2020e/lib/src/gretl_utils.c:843:2:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	sprintf(obs, fmt, maj, min);
data/gretl-2020e/lib/src/gretl_utils.c:2981:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(fullpath, "%s/%s", dirs[i], prog);
data/gretl-2020e/lib/src/gretl_win32.c:110:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    strcpy(keyval, result);
data/gretl-2020e/lib/src/gretl_win32.c:1240:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(from, path);
data/gretl-2020e/lib/src/gretl_win32.c:1301:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(path, "R-core\\R\\%s", version);
data/gretl-2020e/lib/src/gretl_win32.c:1371:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	    strcat(s, arch[0]);
data/gretl-2020e/lib/src/gretl_win32.c:1377:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat(s, arch[1]);
data/gretl-2020e/lib/src/gretl_www.c:107:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(u->url, "http://%s", hostname);
data/gretl-2020e/lib/src/gretl_www.c:133:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(u->agent, "gretl-%s-%s", GRETL_VERSION, BUILD_DATE);
data/gretl-2020e/lib/src/gretl_www.c:135:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(u->agent, "gretl-%s", GRETL_VERSION);
data/gretl-2020e/lib/src/gretl_www.c:357:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(u->url, print_option(opt));
data/gretl-2020e/lib/src/gretl_www.c:366:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(u->url, fname);
data/gretl-2020e/lib/src/gretl_www.c:371:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(u->url, series);
data/gretl-2020e/lib/src/gretl_www.c:379:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(u->url, fstr);
data/gretl-2020e/lib/src/gretl_www.c:394:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(certs_path, "%s/share/curl/curl-ca-bundle.crt", tmp);
data/gretl-2020e/lib/src/gretl_www.c:415:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(certs_path, "%scurl-ca-bundle.crt", gretl_home());
data/gretl-2020e/lib/src/gretl_www.c:608:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(u.url, dbcgi);
data/gretl-2020e/lib/src/gretl_www.c:614:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(u.url, fname);
data/gretl-2020e/lib/src/gretl_www.c:616:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(u.url, manual_path);
data/gretl-2020e/lib/src/gretl_www.c:617:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(u.url, fname);
data/gretl-2020e/lib/src/gretl_www.c:619:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(u.url, dataset_path);
data/gretl-2020e/lib/src/gretl_www.c:620:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(u.url, fname);
data/gretl-2020e/lib/src/gretl_www.c:622:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(u.url, updatecgi);
data/gretl-2020e/lib/src/gretl_www.c:624:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(u.url, datapkg_list);
data/gretl-2020e/lib/src/gretl_www.c:626:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(u.url, datacgi);
data/gretl-2020e/lib/src/gretl_www.c:689:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(u.url, updatecgi);
data/gretl-2020e/lib/src/gretl_www.c:729:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(u.url, datacgi);
data/gretl-2020e/lib/src/gretl_www.c:1153:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(uri, "%s/%s/%s.zip", SF, pkgdir, pkgbase);
data/gretl-2020e/lib/src/gretl_www.c:1267:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	    strcat(localname, gretl_dotdir());
data/gretl-2020e/lib/src/gretl_www.c:1268:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	    strcat(localname, s + 1);
data/gretl-2020e/lib/src/gretl_xml.c:212:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(dest, s + 1);
data/gretl-2020e/lib/src/gretl_xml.c:214:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(dest, src);
data/gretl-2020e/lib/src/gretl_xml.c:1804:2:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	fprintf(stderr, I_("Writing %.0f Kbytes of data\n"), msize / 1024);
data/gretl-2020e/lib/src/gretl_xml.c:2378:2:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	fprintf(stderr, I_("Writing %.0f Kbytes of data\n"), dsize / 1024);
data/gretl-2020e/lib/src/gretl_xml.c:3772:9:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
    if (sscanf(test, fmt, vname, &pm, lag) == 3) {
data/gretl-2020e/lib/src/gretl_xml.c:3791:9:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
    if (sscanf(test, _("dummy for %s = %lf"), vname, &val) == 2 ||
data/gretl-2020e/lib/src/gretl_xml.c:3792:2:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
	sscanf(test, "dummy for %s = %lf", vname, &val) == 2) {
data/gretl-2020e/lib/src/gretl_xml.c:3867:9:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
    n = sscanf(dset->S[0], YMD_READ_FMT, &y1, &m, &d);
data/gretl-2020e/lib/src/gretl_xml.c:3879:10:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
	    n = sscanf(dset->S[k], YMD_READ_FMT, &y2, &m, &d);
data/gretl-2020e/lib/src/gretl_zip.c:615:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(pkgbase, gfnname);
data/gretl-2020e/lib/src/interact.c:159:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(s, tmp);
data/gretl-2020e/lib/src/interact.c:216:6:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
	if (sscanf(s, fmt, word)) {
data/gretl-2020e/lib/src/interact.c:380:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(shellnam, ++namep);
data/gretl-2020e/lib/src/interact.c:1174:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(outname, fname);
data/gretl-2020e/lib/src/interact.c:1206:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(savename, targ);
data/gretl-2020e/lib/src/interact.c:1280:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(path, p);
data/gretl-2020e/lib/src/interact.c:1478:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat(line, tmp);
data/gretl-2020e/lib/src/interact.c:1503:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(s->runfile, fname);
data/gretl-2020e/lib/src/interact.c:1731:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(S[0], s);
data/gretl-2020e/lib/src/interact.c:2313:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(genline, "%s == %g", byname, xi);
data/gretl-2020e/lib/src/interact.c:2484:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(fname, param);
data/gretl-2020e/lib/src/interact.c:2492:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(fname, s);
data/gretl-2020e/lib/src/interact.c:2507:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(fname, "model_%d.%s", pmod->ID, sfx);
data/gretl-2020e/lib/src/interact.c:2510:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(fname, "model_%" G_GINT64_FORMAT ".%s",
data/gretl-2020e/lib/src/kalman.c:1563:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(test, "%s.", bname);
data/gretl-2020e/lib/src/laginfo.c:383:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(tmp, "(%s%d)", lag_sign_str(lsign), lag);
data/gretl-2020e/lib/src/laginfo.c:389:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(tmp, "(%s%d to ", lag_sign_str(lsign), lag);
data/gretl-2020e/lib/src/laginfo.c:394:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(tmp, "%s%d)", lag_sign_str(lsign), lag);
data/gretl-2020e/lib/src/laginfo.c:402:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(tmp, "%s%d", lag_sign_str(lsign), lag);
data/gretl-2020e/lib/src/libglue.c:608:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(fname, s);
data/gretl-2020e/lib/src/libset.c:3050:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(fullname, fname);
data/gretl-2020e/lib/src/matrix_extra.c:1278:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(fullname, fname);
data/gretl-2020e/lib/src/matrix_extra.c:1483:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(targ, fname);
data/gretl-2020e/lib/src/matrix_extra.c:1867:3:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		snprintf(wtest, 32, fmt, wid, prec, (int) x);
data/gretl-2020e/lib/src/matrix_extra.c:1870:3:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		snprintf(wtest, 32, fmt, n, (int) x);
data/gretl-2020e/lib/src/matrix_extra.c:1872:3:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		snprintf(wtest, 32, fmt, (int) x);
data/gretl-2020e/lib/src/matrix_extra.c:1876:3:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		snprintf(wtest, 32, fmt, wid, prec, x);
data/gretl-2020e/lib/src/matrix_extra.c:1879:3:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		snprintf(wtest, 32, fmt, n, x);
data/gretl-2020e/lib/src/matrix_extra.c:1881:3:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		snprintf(wtest, 32, fmt, x);
data/gretl-2020e/lib/src/modelprint.c:132:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(s, tmp);
data/gretl-2020e/lib/src/modelprint.c:1369:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(vname, dset->varname[vi]);
data/gretl-2020e/lib/src/modelprint.c:1600:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(s, "$\\Delta$%s", myvar);
data/gretl-2020e/lib/src/modelprint.c:1614:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(s, "$\\Delta$%s", vnesc);
data/gretl-2020e/lib/src/modelprint.c:1769:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(vname, tmp);
data/gretl-2020e/lib/src/modelprint.c:1784:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(vname, dset->varname[yno]);
data/gretl-2020e/lib/src/modelprint.c:2033:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(modname, pmod->name);
data/gretl-2020e/lib/src/modelprint.c:2680:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(jllstr, _("Log-likelihood for %s"),
data/gretl-2020e/lib/src/modelprint.c:2765:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(mt->txt_fmt, "  %%-%ds  %%s\n  %%-%ds  %%s\n", len + d1, len + d2);
data/gretl-2020e/lib/src/modelprint.c:2767:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(mt->txt_fmt, "%%-%ds%%s   %%-%ds%%s\n", 20 + d1, 20 + d2);
data/gretl-2020e/lib/src/modelprint.c:2769:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(mt->txt_fmt, "%%-%ds%%s   %%-%ds%%s\n", len + d1 + 1, len + d2 + 1);
data/gretl-2020e/lib/src/modelprint.c:2771:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(mt->txt_fmt, "  %%-%ds  %%s\n  %%-%ds  %%s\n", len + d1, len + d2);
data/gretl-2020e/lib/src/modelprint.c:2798:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(s, (d7)? " −" : "−"); /* U+2212: minus */
data/gretl-2020e/lib/src/modelprint.c:2802:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(s, (d7)? " -" : "-"); /* ASCII: use hyphen */
data/gretl-2020e/lib/src/modelprint.c:2827:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(s, "%9s", "NA");
data/gretl-2020e/lib/src/modelprint.c:2867:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(s, tmp);
data/gretl-2020e/lib/src/modelprint.c:2892:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(tmp, "E--%s", p + 2);
data/gretl-2020e/lib/src/modelprint.c:2893:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(p, tmp);
data/gretl-2020e/lib/src/modelprint.c:3148:6:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	    sprintf(teststr, A_("LSDV F(%d, %d)"), pmod->dfn, dfd);
data/gretl-2020e/lib/src/modelprint.c:3156:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(teststr, "%s(%d)", A_("Chi-square"), pmod->dfn);
data/gretl-2020e/lib/src/modelprint.c:3307:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(mtab.txt_fmt, TXT_MT_FMT);
data/gretl-2020e/lib/src/modelprint.c:4630:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(name, "log(%s)", dset->varname[offvar]);
data/gretl-2020e/lib/src/modelprint.c:4666:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(sep, "%s = %d", vname, val);
data/gretl-2020e/lib/src/modelprint.c:5009:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(name, "log(%s)", dset->varname[offvar]);
data/gretl-2020e/lib/src/monte_carlo.c:785:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(loop->idxname, vname);
data/gretl-2020e/lib/src/monte_carlo.c:792:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(genline, "%s=NA", vname);
data/gretl-2020e/lib/src/monte_carlo.c:795:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(genline, "%s=%g", vname, loop->init.val);
data/gretl-2020e/lib/src/monte_carlo.c:803:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(loop->idxname, vname);
data/gretl-2020e/lib/src/monte_carlo.c:1045:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(vname, loop->eachname);
data/gretl-2020e/lib/src/monte_carlo.c:1131:10:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
	    if (sscanf(loop->cmds[i].line, lfmt, vname)) {
data/gretl-2020e/lib/src/monte_carlo.c:1135:17:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
	    } else if (sscanf(loop->cmds[i].line, afmt, vname)) {
data/gretl-2020e/lib/src/monte_carlo.c:1236:6:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
	if (sscanf(s, fmt, vn1, vn2) != 2) {
data/gretl-2020e/lib/src/monte_carlo.c:2099:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(lstore->dset->varname[i+1], s);
data/gretl-2020e/lib/src/monte_carlo.c:2876:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(targ, "$%s", loop->init.vname);
data/gretl-2020e/lib/src/monte_carlo.c:2879:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(targ, "$%s", loop->idxname);
data/gretl-2020e/lib/src/monte_carlo.c:2945:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(q, p + targlen);
data/gretl-2020e/lib/src/monte_carlo.c:2946:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(p, ins);
data/gretl-2020e/lib/src/monte_carlo.c:2947:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(p + inslen, q);
data/gretl-2020e/lib/src/monte_carlo.c:2974:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(genline, "%s=NA", loop->idxname);
data/gretl-2020e/lib/src/monte_carlo.c:2977:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(genline, "%s=%g", loop->idxname, loop->init.val);
data/gretl-2020e/lib/src/monte_carlo.c:3383:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(state->line, errline);
data/gretl-2020e/lib/src/monte_carlo.c:3695:14:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		showline = strcpy(line, currline);
data/gretl-2020e/lib/src/nls.c:181:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(formula, s->nlfunc);
data/gretl-2020e/lib/src/nls.c:313:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(formula, s->aux[i]);
data/gretl-2020e/lib/src/nls.c:320:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(formula, "%s = %s", s->lhname, s->nlfunc);
data/gretl-2020e/lib/src/nls.c:325:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(formula, "$nl_y = %s", s->nlfunc);
data/gretl-2020e/lib/src/nls.c:331:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(formula, "%s = %s", s->params[j].dname,
data/gretl-2020e/lib/src/nls.c:334:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(formula, "%s = %s",  s->params[j].dname,
data/gretl-2020e/lib/src/nls.c:1832:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(pmod->depvar, "%s = %s", spec->lhname, spec->nlfunc);
data/gretl-2020e/lib/src/nls.c:3110:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(spec->nlfunc, "%s - (%s)", vname, rhs);
data/gretl-2020e/lib/src/nls.c:3702:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(dset->varname[v], IVREG_RESIDNAME);
data/gretl-2020e/lib/src/objstack.c:686:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(name, "%s %d", _("Model"), pmod->ID);
data/gretl-2020e/lib/src/objstack.c:692:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(name, "%s %d", _("VAR"), ++n_vars);
data/gretl-2020e/lib/src/objstack.c:694:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(name, "%s %d", _("VECM"), gretl_VECM_id(var));
data/gretl-2020e/lib/src/objstack.c:700:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(name, "%s %d", _("System"), ++n_sys);
data/gretl-2020e/lib/src/objstack.c:718:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(name, "%s %d", _("Model"), id);
data/gretl-2020e/lib/src/objstack.c:720:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(name, "%s %d", _("Model"), ++id);
data/gretl-2020e/lib/src/objstack.c:733:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(name, "%s %d", vstr, id);
data/gretl-2020e/lib/src/objstack.c:735:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(name, "%s %d", vstr, ++id);
data/gretl-2020e/lib/src/objstack.c:744:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(name, "%s %d", vstr, id);
data/gretl-2020e/lib/src/objstack.c:746:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(name, "%s %d", vstr, ++id);
data/gretl-2020e/lib/src/objstack.c:754:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(name, "%s %d", _("System"), id);
data/gretl-2020e/lib/src/objstack.c:756:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(name, "%s %d", _("System"), ++id);
data/gretl-2020e/lib/src/plotspec.c:438:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(targ->title, src->title);
data/gretl-2020e/lib/src/plotspec.c:439:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(targ->formula, src->formula);
data/gretl-2020e/lib/src/plotspec.c:440:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(targ->rgb, src->rgb);
data/gretl-2020e/lib/src/plotspec.c:550:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(targ->text, src->text);
data/gretl-2020e/lib/src/plotspec.c:1685:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(formula, "%.10g + %.10g*%s", b[0], b[1], x);
data/gretl-2020e/lib/src/plotspec.c:1687:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(formula, "%.10g + %.10g*%s + %.10g*%s**2", b[0], b[1], x, b[2], x);
data/gretl-2020e/lib/src/plotspec.c:1689:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(formula, "%.10g + %.10g*%s + %.10g*%s**2 + %.10g*%s**3",
data/gretl-2020e/lib/src/plotspec.c:1692:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(formula, "%.10g + %.10g/%s", b[0], b[1], x);
data/gretl-2020e/lib/src/plotspec.c:1694:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(formula, "exp(%.10g + %.10g*%s)", b[0], b[1], x);
data/gretl-2020e/lib/src/plotspec.c:1697:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(formula, "%.10g + %.10g*log%s", b[0], b[1], x);
data/gretl-2020e/lib/src/plotspec.c:1737:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(gstr, "\\n(%s %.2f%%)", _("annual growth"), g);
data/gretl-2020e/lib/src/plotspec.c:1738:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	    strcat(title, gstr);
data/gretl-2020e/lib/src/plugins.c:435:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(pluginpath, gretl_plugin_path());
data/gretl-2020e/lib/src/plugins.c:436:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(pluginpath, plugins[i].pname);
data/gretl-2020e/lib/src/plugins.c:437:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(pluginpath, PLUGIN_EXT);
data/gretl-2020e/lib/src/plugins.c:535:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(pluginpath, gretl_plugin_path());
data/gretl-2020e/lib/src/plugins.c:536:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(pluginpath, name);
data/gretl-2020e/lib/src/plugins.c:537:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(pluginpath, PLUGIN_EXT);
data/gretl-2020e/lib/src/printout.c:1186:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(tmp, targ + 1);
data/gretl-2020e/lib/src/printout.c:1189:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(targ, tmp);
data/gretl-2020e/lib/src/printout.c:1239:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(final, numstr);
data/gretl-2020e/lib/src/printout.c:1559:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(label, (kstep)? _("forecast") : _("fitted"));
data/gretl-2020e/lib/src/printout.c:1563:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(label, (kstep)? _("error") : _("residual"));
data/gretl-2020e/lib/src/printout.c:1699:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(str, "%*s  ", gretl_digits + 1 + anyneg, "NA");
data/gretl-2020e/lib/src/printout.c:1701:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(str, "%*s  ", gretl_digits + 1 + anyneg, "NaN");
data/gretl-2020e/lib/src/printout.c:1703:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(str, "%*s  ", gretl_digits + 1 + anyneg,
data/gretl-2020e/lib/src/printout.c:1706:6:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	    sprintf(str, format, x);
data/gretl-2020e/lib/src/printout.c:1872:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(numstr, (x < 0)? "-inf" : "inf");
data/gretl-2020e/lib/src/printout.c:1939:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(buf, numstr);
data/gretl-2020e/lib/src/printout.c:1951:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(tmp, dset->S[t]);
data/gretl-2020e/lib/src/printout.c:1984:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(targ, src);
data/gretl-2020e/lib/src/printout.c:1997:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	    strcat(targ, p);
data/gretl-2020e/lib/src/printout.c:2749:7:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
		    sprintf(buf, format, x);
data/gretl-2020e/lib/src/printscan.c:1385:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(tmp, "sscanf(%s)", args);
data/gretl-2020e/lib/src/pvalues.c:3924:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat(line, S[i]);
data/gretl-2020e/lib/src/pvalues.c:3925:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat(line, (i == n - 1)? ")" : ",");
data/gretl-2020e/lib/src/strutils.c:445:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(screen, str);
data/gretl-2020e/lib/src/strutils.c:625:11:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    len = vsnprintf(buf, bsize, format, args);
data/gretl-2020e/lib/src/strutils.c:681:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(targ, sep);
data/gretl-2020e/lib/src/strutils.c:683:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(targ, add);
data/gretl-2020e/lib/src/strutils.c:1445:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(targ, ext);
data/gretl-2020e/lib/src/strutils.c:1467:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(fname, ext);
data/gretl-2020e/lib/src/strutils.c:1500:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	    strcat(ret, src);
data/gretl-2020e/lib/src/strutils.c:1503:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(ret, ext);
data/gretl-2020e/lib/src/strutils.c:2386:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(obs, dset->S[t]);
data/gretl-2020e/lib/src/strutils.c:2407:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(tmp, obs);
data/gretl-2020e/lib/src/strutils.c:2729:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat(vname, tmp);
data/gretl-2020e/lib/src/strutils.c:2782:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat(fname, dir);
data/gretl-2020e/lib/src/strutils.c:2784:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat(fname, SLASHSTR);
data/gretl-2020e/lib/src/strutils.c:2785:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat(fname, dir);
data/gretl-2020e/lib/src/strutils.c:2788:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(fname, SLASHSTR);
data/gretl-2020e/lib/src/strutils.c:3046:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(ret, src);
data/gretl-2020e/lib/src/strutils.c:3047:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(ret, p);
data/gretl-2020e/lib/src/strutils.c:3071:12:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
    return sscanf(src, fmt, targ);
data/gretl-2020e/lib/src/strutils.c:3164:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat(mod, repl);
data/gretl-2020e/lib/src/strutils.c:3168:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat(mod, q);
data/gretl-2020e/lib/src/subsample.c:565:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    strcpy(fullset->S[t], dset->S[subt++]);
data/gretl-2020e/lib/src/subsample.c:1036:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(dname, s);
data/gretl-2020e/lib/src/subsample.c:1363:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(subset->S[s++], dset->S[t]);
data/gretl-2020e/lib/src/subsample.c:2039:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(s, old);
data/gretl-2020e/lib/src/subsample.c:2047:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	    strcat(s, restr);
data/gretl-2020e/lib/src/subsample.c:2084:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(dset->stobs, stobs);
data/gretl-2020e/lib/src/subsample.c:2854:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(dest->varname[i], src->varname[i]);
data/gretl-2020e/lib/src/subsample.c:2973:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(pmod->dataset->stobs, srcset->stobs);
data/gretl-2020e/lib/src/subsample.c:2974:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(pmod->dataset->endobs, srcset->endobs);
data/gretl-2020e/lib/src/subsample.c:3228:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(tmp, _("Data file %s\nas of"),
data/gretl-2020e/lib/src/system.c:2453:6:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	    sprintf(sysstr, A_("iterated %s"), A_(lstr));
data/gretl-2020e/lib/src/system.c:2455:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(sysstr, _("iterated %s"), _(lstr));
data/gretl-2020e/lib/src/system.c:2458:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(sysstr, A_(lstr));
data/gretl-2020e/lib/src/system.c:2460:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(sysstr, _(lstr));
data/gretl-2020e/lib/src/texprint.c:142:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(targ, "$%s%s%s$", tbase, op, mod);
data/gretl-2020e/lib/src/texprint.c:144:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(targ, "$%s%s{%s}$", tbase, op, mod);
data/gretl-2020e/lib/src/texprint.c:173:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(targ, src);
data/gretl-2020e/lib/src/texprint.c:180:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(targ, "$%s$", tgreek);
data/gretl-2020e/lib/src/texprint.c:256:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(tmp, "\\textrm{e%s%s}", (minus)? "--" : "+", p + 2);
data/gretl-2020e/lib/src/texprint.c:257:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(p, tmp);
data/gretl-2020e/lib/src/texprint.c:437:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(targ, "$%s$", tgreek);
data/gretl-2020e/lib/src/texprint.c:453:9:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
    if (sscanf(src, fmt, vname, &lag) == 2) {
data/gretl-2020e/lib/src/texprint.c:456:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(targ, "$\\%s_{%d}$", vname, lag);
data/gretl-2020e/lib/src/texprint.c:458:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(targ, "\\%s_{%d}", vname, lag);
data/gretl-2020e/lib/src/texprint.c:464:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(targ, "\\mbox{%s}", vnesc);
data/gretl-2020e/lib/src/texprint.c:466:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(targ, vnesc);
data/gretl-2020e/lib/src/texprint.c:481:9:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
    if (sscanf(vnesc, fmt, vname, &power) == 2) {
data/gretl-2020e/lib/src/texprint.c:484:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(targ, "%s$^{%d}$", vname, power);
data/gretl-2020e/lib/src/texprint.c:486:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(targ, "\\mbox{%s}^%d", vname, power);
data/gretl-2020e/lib/src/texprint.c:491:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(targ, "\\mbox{%s}", vnesc);
data/gretl-2020e/lib/src/texprint.c:493:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(targ, vnesc);
data/gretl-2020e/lib/src/texprint.c:533:6:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
	if (sscanf(src, fmt, vname, &i) == 2) {
data/gretl-2020e/lib/src/texprint.c:539:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    strcpy(texname, vnesc);
data/gretl-2020e/lib/src/texprint.c:541:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		    sprintf(texname, "\\mbox{%s}", vnesc);
data/gretl-2020e/lib/src/texprint.c:545:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(targ, "%s$_{t-%d}$", texname, i);
data/gretl-2020e/lib/src/texprint.c:547:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(targ, "%s_{t-%d}", texname, i);
data/gretl-2020e/lib/src/texprint.c:551:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(targ, vnesc);
data/gretl-2020e/lib/src/texprint.c:555:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(targ, vnesc);
data/gretl-2020e/lib/src/texprint.c:568:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(s, "%s$_{t-%d}$", base, lag);
data/gretl-2020e/lib/src/texprint.c:583:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(s, "$\\Delta$%s$_{t-%d}$", base, lag);
data/gretl-2020e/lib/src/texprint.c:600:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(fmt, "$%s$", colspec[0]);
data/gretl-2020e/lib/src/texprint.c:639:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(fmt, "$%s$", colspec[2]);
data/gretl-2020e/lib/src/texprint.c:710:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(tmp, "E--%s", p + 2);
data/gretl-2020e/lib/src/texprint.c:711:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(p, tmp);
data/gretl-2020e/lib/src/texprint.c:735:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(col1, "\\multicolumn{2}{c}{\\rm %s}", A_("undefined"));
data/gretl-2020e/lib/src/texprint.c:746:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(col2, "\\multicolumn{2}{c}{\\rm %s}", A_("undefined"));
data/gretl-2020e/lib/src/texprint.c:753:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(col3, "\\multicolumn{2}{c}{\\rm %s}", A_("undefined"));
data/gretl-2020e/lib/src/texprint.c:1149:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(local, "gretlpre_%s.tex", lstr);
data/gretl-2020e/lib/src/texprint.c:1162:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(test, "%s%s", path, localname);
data/gretl-2020e/lib/src/texprint.c:1165:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(tex_preamble_file, test);
data/gretl-2020e/lib/src/texprint.c:1172:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(test, "%sgretlpre.tex", path);
data/gretl-2020e/lib/src/texprint.c:1175:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(tex_preamble_file, test);
data/gretl-2020e/lib/src/texprint.c:1227:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		    sprintf(p, ",landscape%s", rem);
data/gretl-2020e/lib/src/texprint.c:1235:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(p, "[landscape]%s", rem);
data/gretl-2020e/lib/src/texprint.c:1434:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(vname, dset->varname[offvar]);
data/gretl-2020e/lib/src/tokenize.c:963:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat(ret, c->toks[i].s);
data/gretl-2020e/lib/src/tokenize.c:967:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat(ret, c->toks[i].s);
data/gretl-2020e/lib/src/tokenize.c:970:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat(ret, c->toks[i].s);
data/gretl-2020e/lib/src/tokenize.c:1193:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat(flag, tok->s);
data/gretl-2020e/lib/src/tokenize.c:1567:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(ret, "{%s}", s);
data/gretl-2020e/lib/src/tokenize.c:2063:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(c->savename, s);
data/gretl-2020e/lib/src/tokenize.c:2748:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	    strcat(lstr, tok->s);
data/gretl-2020e/lib/src/tokenize.c:2753:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	    strcat(lstr, tok->s);
data/gretl-2020e/lib/src/tokenize.c:2774:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	    strcat(lstr, tok->s);
data/gretl-2020e/lib/src/tokenize.c:2907:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		    strcat(lstr, tok->s);
data/gretl-2020e/lib/src/tokenize.c:3766:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(line, tmp);
data/gretl-2020e/lib/src/tokenize.c:3769:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(line, "%s=sprintf(\"%s\")", cmd->param, cmd->parm2);
data/gretl-2020e/lib/src/transforms.c:121:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	    strcat(vname, ext);
data/gretl-2020e/lib/src/transforms.c:136:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		    sprintf(vname, "%s_f%d", orig, -aux);
data/gretl-2020e/lib/src/transforms.c:138:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		    sprintf(vname, "%s%d", orig, -aux);
data/gretl-2020e/lib/src/transforms.c:143:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat(vname, ext);
data/gretl-2020e/lib/src/transforms.c:156:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(vname, ext);
data/gretl-2020e/lib/src/transforms.c:188:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(label, _("= first difference of %s"), parent);
data/gretl-2020e/lib/src/transforms.c:190:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(label, _("= log difference of %s"), parent);
data/gretl-2020e/lib/src/transforms.c:192:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(label, _("= seasonal difference of %s"), parent);
data/gretl-2020e/lib/src/transforms.c:194:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(label, _("= log of %s"), parent);
data/gretl-2020e/lib/src/transforms.c:196:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(label, _("= %s squared"), parent);
data/gretl-2020e/lib/src/transforms.c:200:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(label, "= %s(t - %d)", parent, aux);
data/gretl-2020e/lib/src/transforms.c:202:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(label, "= %s(t + %d)", parent, -aux);
data/gretl-2020e/lib/src/transforms.c:205:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(label, "= 1/%s", parent);
data/gretl-2020e/lib/src/transforms.c:209:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(label, _("= centered %s"), parent);
data/gretl-2020e/lib/src/transforms.c:211:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(label, _("= standardized %s"), parent);
data/gretl-2020e/lib/src/transforms.c:214:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(label, _("= resampled %s"), parent);
data/gretl-2020e/lib/src/transforms.c:216:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(label, _("= high-frequency difference of %s"), parent);
data/gretl-2020e/lib/src/transforms.c:218:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(label, _("= high-frequency log difference of %s"), parent);
data/gretl-2020e/lib/src/transforms.c:710:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(dset->varname[vnum], vname);
data/gretl-2020e/lib/src/transforms.c:813:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(label, _("= %s times %s"), dset->varname[v],
data/gretl-2020e/lib/src/transforms.c:820:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(label, _("dummy for %s = '%s'"), dset->varname[v], s);
data/gretl-2020e/lib/src/transforms.c:822:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(label, _("dummy for %s = %g"), dset->varname[v], x);
data/gretl-2020e/lib/src/transforms.c:825:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(label, _("dummy for %s = %g"), dset->varname[v], x);
data/gretl-2020e/lib/src/transforms.c:1178:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(sfx, s + nc);
data/gretl-2020e/lib/src/transforms.c:1181:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(tmp, sfx);
data/gretl-2020e/lib/src/transforms.c:1791:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    strcpy(dset->varname[vi], vname);
data/gretl-2020e/lib/src/uservar.c:2257:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(path, "%s%c%s.xml", dirname, SLASH, typestr);
data/gretl-2020e/lib/src/uservar.c:2307:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(path, "%s%c%s.xml", dirname, SLASH, typestr);
data/gretl-2020e/lib/src/uservar.c:2321:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(root_name, "gretl-%s", typestr);
data/gretl-2020e/lib/src/uservar.c:2461:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    strcpy(listname, uvars[i]->name);
data/gretl-2020e/lib/src/uservar.c:2484:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    strcpy(listname, uvars[i]->name);
data/gretl-2020e/lib/src/var.c:2298:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(params[k++], dset->varname[0]);
data/gretl-2020e/lib/src/var.c:2321:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(params[k++], dset->varname[v->xlist[i]]);
data/gretl-2020e/lib/src/varprint.c:983:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(s, _("All lags of %s"), "x");
data/gretl-2020e/lib/src/varprint.c:1048:2:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	sprintf(label, A_("VECM system, lag order %d"), var->order + 1);
data/gretl-2020e/lib/src/varprint.c:1050:2:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	sprintf(label, A_("VAR system, lag order %d"), var->order);
data/gretl-2020e/lib/src/varprint.c:1178:7:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
		    sprintf(label, A_("All lags of %s"), vname);
data/gretl-2020e/lib/src/varprint.c:1188:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		    sprintf(label, _("All lags of %s"), tmp);
data/gretl-2020e/lib/src/varprint.c:1209:7:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
		    sprintf(label, A_("All vars, lag %d"), maxlag);
data/gretl-2020e/lib/src/varprint.c:1244:2:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	sprintf(h0str, A_("the longest lag is %d"), nextlag);
data/gretl-2020e/lib/src/varprint.c:1245:2:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	sprintf(h1str, A_("the longest lag is %d"), maxlag);
data/gretl-2020e/plugin/arbond.c:2587:9:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
    if (sscanf(s, fmt, vname, &m1, &m2) != 3) {
data/gretl-2020e/plugin/arma_init.c:1166:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(targ, src);
data/gretl-2020e/plugin/arma_init.c:1356:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(fnstr, term);
data/gretl-2020e/plugin/arma_x12.c:119:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(outname, "%s.out", path);
data/gretl-2020e/plugin/arma_x12.c:192:6:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
	if (sscanf(s, fmt, &maj, &min) == 2) {
data/gretl-2020e/plugin/arma_x12.c:205:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(date, "%s:%s", tmp, s + len - 2);
data/gretl-2020e/plugin/arma_x12.c:568:15:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
	if (start && sscanf(line, "%s %lf", date, &x) == 2) {
data/gretl-2020e/plugin/arma_x12.c:945:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(old, exts[i]);
data/gretl-2020e/plugin/arma_x12.c:1015:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(yname, dset->varname[ainfo->yno]);
data/gretl-2020e/plugin/arma_x12.c:1018:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(path, "%s%c%s.spc", workdir, SLASH, yname);
data/gretl-2020e/plugin/arma_x12.c:1034:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(path, "%s%c%s", workdir, SLASH, yname);
data/gretl-2020e/plugin/arma_x12.c:1051:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(path, "%s%c%s.err", workdir, SLASH, yname);
data/gretl-2020e/plugin/eviews_import.c:455:3:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
		sprintf(tmp, fmt, startyr, startper);
data/gretl-2020e/plugin/excel_import.c:97:8:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	len = vfprintf(stderr, format, args);
data/gretl-2020e/plugin/geoplot.c:96:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(p, ext);
data/gretl-2020e/plugin/geoplot.c:1344:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(infile, mapname);
data/gretl-2020e/plugin/gnumeric_import.c:316:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(sheet->dset->S[real_t], targ);
data/gretl-2020e/plugin/import_common.c:46:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(s, name);
data/gretl-2020e/plugin/import_common.c:214:5:  [4] (tmpfile) mktemp:
  Temporary file race condition (CWE-377).
    mktemp(dname);
data/gretl-2020e/plugin/import_common.c:514:5:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    vsnprintf(msg, MAXLEN, template, args);
data/gretl-2020e/plugin/jmulti_import.c:22:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(name, test);
data/gretl-2020e/plugin/jmulti_import.c:162:6:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	    sprintf(stobs, YMD_WRITE_FMT, y, m, d);
data/gretl-2020e/plugin/jmulti_import.c:358:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(newset->stobs, stobs);
data/gretl-2020e/plugin/kernel.c:121:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(tmp, _("Estimated density of %s"), vname);
data/gretl-2020e/plugin/leverage.c:333:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(fstr, "%15s", _("undefined"));
data/gretl-2020e/plugin/libshp/dbfopen.c:51:14:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#     define snprintf _snprintf
data/gretl-2020e/plugin/libshp/dbfopen.c:51:23:  [4] (format) _snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#     define snprintf _snprintf
data/gretl-2020e/plugin/libshp/dbfopen.c:54:11:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#  ifndef snprintf
data/gretl-2020e/plugin/libshp/dbfopen.c:55:14:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#     define snprintf _snprintf
data/gretl-2020e/plugin/libshp/dbfopen.c:55:23:  [4] (format) _snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#     define snprintf _snprintf
data/gretl-2020e/plugin/libshp/dbfopen.c:267:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(DBF->CodePage, (char *) buf);
data/gretl-2020e/plugin/libshp/shpopen.c:51:14:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#     define snprintf _snprintf
data/gretl-2020e/plugin/libshp/shpopen.c:51:23:  [4] (format) _snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#     define snprintf _snprintf
data/gretl-2020e/plugin/libshp/shpopen.c:54:11:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#  ifndef snprintf
data/gretl-2020e/plugin/libshp/shpopen.c:55:14:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#     define snprintf _snprintf
data/gretl-2020e/plugin/libshp/shpopen.c:55:23:  [4] (format) _snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#     define snprintf _snprintf
data/gretl-2020e/plugin/libsvm/svmlib.cpp:72:5:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
    vsprintf(buf, fmt, ap);
data/gretl-2020e/plugin/libsvm/svmlib.cpp:2894:6:  [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
	if (fscanf(_stream, _format, _var) != 1) return false;	\
data/gretl-2020e/plugin/mailer.c:1020:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(tmpfname, "%smpack.XXXXXX", gretl_dotdir());
data/gretl-2020e/plugin/mp_ols.c:298:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(xnames[xn++], dset->varname[0]); 	 
data/gretl-2020e/plugin/mp_ols.c:321:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(xnames[xn++], dset->varname[vi]); 	 
data/gretl-2020e/plugin/mp_ols.c:329:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(xnames[xn++], "%s^%d", 	 
data/gretl-2020e/plugin/odbc_import.c:337:7:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
		    sprintf(obsbit, odinfo->fmts[i], (int) grabint[j++]);
data/gretl-2020e/plugin/odbc_import.c:339:7:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
		    sprintf(obsbit, odinfo->fmts[i], grabstr[k++]);
data/gretl-2020e/plugin/odbc_import.c:343:7:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
		    sprintf(obsbit, odinfo->fmts[i], grabx[p++]);
data/gretl-2020e/plugin/odbc_import.c:349:4:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
			strcat(odinfo->S[t], obsbit);
data/gretl-2020e/plugin/ods_import.c:825:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(sheet->dset->S[t], sheet->dset->S[t-1]);
data/gretl-2020e/plugin/sas_import.c:273:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(var->name, vname);
data/gretl-2020e/plugin/sas_import.c:274:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(var->label, label);
data/gretl-2020e/plugin/sas_import.c:292:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(finfo->revdate, dstr);
data/gretl-2020e/plugin/sas_import.c:437:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(dset->varname[i+1], finfo->vars[i].name);
data/gretl-2020e/plugin/sas_import.c:585:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(tmp, "%s\nSAS data dated %s", dset->descrip,
data/gretl-2020e/plugin/spss_import.c:211:5:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    vsnprintf(msg, sizeof msg, fmt, args);
data/gretl-2020e/plugin/spss_import.c:415:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(s, name);
data/gretl-2020e/plugin/spss_import.c:1242:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(sdat->descrip, "%s\n%s\n", label, datestr);
data/gretl-2020e/plugin/spss_import.c:1244:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(sdat->descrip, "%s\n", datestr);
data/gretl-2020e/plugin/stata_export.c:214:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(hdr->data_label, "Written by gretl %s", GRETL_VERSION);
data/gretl-2020e/plugin/stata_export.c:360:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(timevar, dset->pd == 4 ? "quarter" : "month");
data/gretl-2020e/plugin/stata_export.c:485:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(buf, timevar);
data/gretl-2020e/plugin/stata_export.c:495:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat(buf, dset->varname[i]);
data/gretl-2020e/plugin/stata_import.c:658:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	    strcat(dinfo->descrip, tr);
data/gretl-2020e/plugin/stata_import.c:661:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(dinfo->descrip, stamp);
data/gretl-2020e/plugin/stata_import.c:686:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(name, test);
data/gretl-2020e/plugin/stata_import.c:850:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(dset->stobs, ymd);
data/gretl-2020e/plugin/stats_tables.c:163:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(datfile, "%sdata\\dwdata.gz", gretl_plugin_path());
data/gretl-2020e/plugin/stats_tables.c:165:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(datfile, "%sdata/dwdata.gz", gretl_plugin_path());
data/gretl-2020e/plugin/svm.c:2543:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(w->foldname, dset->varname[v]);
data/gretl-2020e/plugin/tramo-x12a.c:218:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(name, gtk_entry_get_text(entry));
data/gretl-2020e/plugin/tramo-x12a.c:305:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(request->opts[idx].savename, "%.8s_%s", request->yname,
data/gretl-2020e/plugin/tramo-x12a.c:509:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(seats, tramo);
data/gretl-2020e/plugin/tramo-x12a.c:604:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(title, "%s - 1", _("irregular"));
data/gretl-2020e/plugin/tramo-x12a.c:606:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(title, "%s", _("irregular"));
data/gretl-2020e/plugin/tramo-x12a.c:679:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(targ->varname[targv], src->varname[srcv]);
data/gretl-2020e/plugin/tramo-x12a.c:780:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(sfname, path);
data/gretl-2020e/plugin/tramo-x12a.c:783:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(p + 1, x12a_save_strings[src]);
data/gretl-2020e/plugin/tramo-x12a.c:839:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(varname, request->opts[src].savename);
data/gretl-2020e/plugin/tramo-x12a.c:842:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(varname, "%.8s_%s", dset->varname[0],
data/gretl-2020e/plugin/tramo-x12a.c:851:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(dset->varname[targv], varname);
data/gretl-2020e/plugin/tramo-x12a.c:852:5:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
    sprintf(label, _(tx_descrip_formats[src]), dset->varname[0]);
data/gretl-2020e/plugin/tramo-x12a.c:930:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(sfname, path);
data/gretl-2020e/plugin/tramo-x12a.c:933:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(p + 1, x12a_save_strings[TX_SA]);
data/gretl-2020e/plugin/tramo-x12a.c:1078:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(request->yname, dset->varname[varnum]);
data/gretl-2020e/plugin/tramo-x12a.c:1333:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(targ->stobs, src->stobs);
data/gretl-2020e/plugin/tramo-x12a.c:1647:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(vname, dset->varname[varnum]);
data/gretl-2020e/plugin/urcdist.c:525:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(datafile, "%sdata%curcdata.bin", path, SLASH);
data/gretl-2020e/plugin/xlsx_import.c:981:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(xinfo->sheetfile, "xl%c%s", SLASH,
data/gretl-2020e/plugin/xlsx_import.c:1594:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(dset->S[t], datestr);
data/gretl-2020e/plugin/zipunzip/zipmain.c:57:2:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	vfprintf(stderr, format, args);
data/gretl-2020e/plugin/zipunzip/zipmain.c:189:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(zerrbuf, "zip error: %s", ziperrors[err]);
data/gretl-2020e/plugin/zipunzip/zipmain.c:215:6:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	    vsnprintf(buf, rem, format, args);
data/gretl-2020e/plugin/zipunzip/zipmain.c:619:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(tempzip, zf.fname);
data/gretl-2020e/plugin/zipunzip/zipmain.c:1092:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(tempzip, zf->fname);
data/gretl-2020e/plugin/zipunzip/zipwork.c:554:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(dirname, prefix);
data/gretl-2020e/plugin/zipunzip/zipwork.c:556:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	    strcat(dirname, G_DIR_SEPARATOR_S);
data/gretl-2020e/plugin/zipunzip/zsystem.c:114:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(path, fname);
data/gretl-2020e/plugin/zipunzip/zsystem.c:129:4:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
			strcat(strcpy(dpath, path), dirname);
data/gretl-2020e/plugin/zipunzip/zsystem.c:129:11:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcat(strcpy(dpath, path), dirname);
data/gretl-2020e/plugin/zipunzip/zsystem.c:295:13:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
            strcat(xname, tmp);
data/gretl-2020e/plugin/zipunzip/zsystem.c:304:13:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
            strcat(xname, tmp);
data/gretl-2020e/share/bcih/mkbin.c:43:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(datpath, "%s/%s", argv[1], datfile);
data/gretl-2020e/share/bcih/mkbin.c:45:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(datpath, datfile);
data/gretl-2020e/tests/nist-nls/nist-nls-test.c:265:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(line, "deriv %s = %s", tester.coeffs[i].name, derivs[i]);
data/gretl-2020e/tests/nist-nls/nist-nls-test.c:290:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(line, tester.coeffs[i].name);
data/gretl-2020e/tests/nist-nls/nist-nls-test.c:331:9:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
    if (sscanf(s, "%s", tester.datname) != 1) {
data/gretl-2020e/tests/nist-nls/nist-nls-test.c:404:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(tester.model_spec, s);
data/gretl-2020e/tests/nist-nls/nist-nls-test.c:659:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(line, "%s = %g", tester.coeffs[i].name, x);
data/gretl-2020e/tests/nist-nls/nist-nls-test.c:804:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(s, "coeff for %s", tester.coeffs[i].name);
data/gretl-2020e/tests/nist-nls/nist-nls-test.c:815:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(s, "std err for %s", tester.coeffs[i].name);
data/gretl-2020e/tests/nist-nls/nist-nls-test.c:915:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(worst_coeff_name, tester.datname);
data/gretl-2020e/tests/nist-nls/nist-nls-test.c:922:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(worst_sderr_name, tester.datname);
data/gretl-2020e/tests/nistcheck.c:152:10:  [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
	    if (fscanf(fp, "%s", numstr) != 1) {
data/gretl-2020e/tests/nistcheck.c:858:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(datadir, argv[1]);
data/gretl-2020e/tests/nistcheck.c:860:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(datadir, argv[2]);
data/gretl-2020e/tests/nistcheck.c:958:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(datadir, "%snist", datapath);
data/gretl-2020e/utils/FRB/frb2db.c:192:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat(tmp, fixers[i].repl);
data/gretl-2020e/utils/FRB/frb2db.c:293:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(fs->name, H15_fixers[i].ok);
data/gretl-2020e/utils/FRB/frb2db.c:294:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(fs->descrip, H15_fixers[i].desc);
data/gretl-2020e/utils/FRED/fred2db.c:345:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	return strcpy(targ, src);
data/gretl-2020e/utils/FRED/fred2db.c:551:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(url, "%s/series?series_id=%s&api_key=%s",
data/gretl-2020e/utils/FRED/fred2db.c:555:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(url, "%s/series/observations?series_id=%s&api_key=%s",
data/gretl-2020e/utils/dbzip/gretlzip.c:34:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(buf, timebuf);
data/gretl-2020e/utils/dbzip/gretlzip.c:47:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(buf, timebuf);
data/gretl-2020e/utils/dbzip/gretlzip.c:68:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(p, ext);
data/gretl-2020e/utils/dbzip/gretlzip.c:70:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(fname, ext);
data/gretl-2020e/utils/dbzip/gretlzip.c:134:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(idxname, "%s.idx", fname);
data/gretl-2020e/utils/dbzip/gretlzip.c:135:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(binname, "%s.bin", fname);
data/gretl-2020e/utils/dbzip/gretlzip.c:136:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(cbname, "%s.cb", fname);
data/gretl-2020e/utils/dbzip/gretlzip.c:141:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(infobuf, "Couldn't open %s for reading\n", idxname);
data/gretl-2020e/utils/dbzip/gretlzip.c:147:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(infobuf, "Couldn't open %s for reading\n", binname);
data/gretl-2020e/utils/dbzip/gretlzip.c:159:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(cbname, "%s.pdf", fname);
data/gretl-2020e/utils/dbzip/gretlzip.c:169:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(infobuf, "Couldn't open %s for writing\n", gzname);
data/gretl-2020e/utils/dbzip/gretlzip.c:184:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(infobuf, "Error stat'ing %s\n", readname);
data/gretl-2020e/utils/dbzip/gretlzip.c:189:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(infobuf, tmp);
data/gretl-2020e/utils/dbzip/gretlzip.c:195:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(tmp, "%15s", strip_path(readname));
data/gretl-2020e/utils/dbzip/gretlzip.c:196:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(infobuf, tmp);
data/gretl-2020e/utils/dbzip/gretlzip.c:247:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(idxname, "%s.idx", outname);
data/gretl-2020e/utils/dbzip/gretlzip.c:248:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(binname, "%s.bin", outname);
data/gretl-2020e/utils/dbzip/gretlzip.c:253:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(infobuf, "Couldn't gzopen %s for reading\n", fname);
data/gretl-2020e/utils/dbzip/gretlzip.c:260:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(infobuf, "Couldn't open %s for writing\n", idxname);
data/gretl-2020e/utils/dbzip/gretlzip.c:268:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(infobuf, "Couldn't open '%s' for writing\n"
data/gretl-2020e/utils/dbzip/gretlzip.c:275:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(infobuf, gzbuf);
data/gretl-2020e/utils/dbzip/gretlzip.c:285:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(cbname, "%s.pdf", outname);
data/gretl-2020e/utils/dbzip/gretlzip.c:288:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(cbname, "%s.cb", outname);
data/gretl-2020e/utils/dbzip/gretlzip.c:292:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(infobuf, "Couldn't open '%s' for writing\n"
data/gretl-2020e/utils/dbzip/gretlzip.c:384:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(outname, fname);
data/gretl-2020e/utils/scriptfix/scriptfix.c:174:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(ret, "%s.fixed", fname);
data/gretl-2020e/utils/scriptfix/scriptfix.c:314:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(orig, line); /* for reference */
data/gretl-2020e/builddate.c:14:31:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    char *source_date_epoch = getenv("SOURCE_DATE_EPOCH");
data/gretl-2020e/cli/gretlcli.c:285:9:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if (getenv("CLI_DEBUG")) {
data/gretl-2020e/dcmt/prescr.c:533:12:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
	    aaa = random();
data/gretl-2020e/gui/datafiles.c:2598:21:  [3] (buffer) realpath:
  This function does not protect against buffer overflows, and some
  implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
  destination buffer is at least of size MAXPATHLEN, andto protect against
  implementation problems, the input argument should also be checked to
  ensure it is no larger than MAXPATHLEN.
		gchar *realbase, *realpath;
data/gretl-2020e/gui/datafiles.c:2606:47:  [3] (buffer) realpath:
  This function does not protect against buffer overflows, and some
  implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
  destination buffer is at least of size MAXPATHLEN, andto protect against
  implementation problems, the input argument should also be checked to
  ensure it is no larger than MAXPATHLEN.
		    *nfn += ok_gfn_path(fullname, realbase, realpath,
data/gretl-2020e/gui/datafiles.c:2609:14:  [3] (buffer) realpath:
  This function does not protect against buffer overflows, and some
  implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
  destination buffer is at least of size MAXPATHLEN, andto protect against
  implementation problems, the input argument should also be checked to
  ensure it is no larger than MAXPATHLEN.
		    g_free(realpath);
data/gretl-2020e/gui/fileselect.c:808:25:  [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")';it returns untrustable
  input if the environment can beset by an attacker. It can have any content
  and length, and the same variable can be set more than once (CWE-807,
  CWE-20). Check environment variables carefully before using them.
    const gchar *home = g_get_home_dir();
data/gretl-2020e/gui/gretl.c:411:23:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    char *gretlhome = getenv("GRETL_HOME");
data/gretl-2020e/gui/gretl.c:451:20:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    char *mylang = getenv("GRETL_LANG");
data/gretl-2020e/gui/gretl.c:2106:20:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    char *topdir = getenv("GTK_DATA_PREFIX");
data/gretl-2020e/gui/gretlwin32.c:120:11:  [3] (shell) CreateProcess:
  This causes a new process to execute and is difficult to use safely
  (CWE-78). Specify the application path in the first argument, NOT as part
  of the second, or embedded spaces could allow an attacker to force a
  different program to run.
    ret = CreateProcess(NULL,
data/gretl-2020e/gui/gretlwin32.c:120:11:  [3] (shell) CreateProcess:
  This causes a new process to execute and is difficult to use safely
  (CWE-78). Specify the application path in the first argument, NOT as part
  of the second, or embedded spaces could allow an attacker to force a
  different program to run.
    ret = CreateProcess(NULL,
data/gretl-2020e/gui/gretlwin32.c:269:12:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	char *s = getenv("OSTYPE");
data/gretl-2020e/gui/gretlwin32.c:926:10:  [3] (shell) CreateProcess:
  This causes a new process to execute and is difficult to use safely
  (CWE-78). Specify the application path in the first argument, NOT as part
  of the second, or embedded spaces could allow an attacker to force a
  different program to run.
    if (!CreateProcess(NULL, (LPTSTR) prog, NULL, NULL, FALSE, 0,
data/gretl-2020e/gui/gretlwin32.c:926:10:  [3] (shell) CreateProcess:
  This causes a new process to execute and is difficult to use safely
  (CWE-78). Specify the application path in the first argument, NOT as part
  of the second, or embedded spaces could allow an attacker to force a
  different program to run.
    if (!CreateProcess(NULL, (LPTSTR) prog, NULL, NULL, FALSE, 0,
data/gretl-2020e/gui/gui_utils.c:5891:9:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if (getenv("ALTSHOW") != NULL) {
data/gretl-2020e/gui/osx_env.c:67:13:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    rhome = getenv("R_HOME");
data/gretl-2020e/gui/osx_env.c:74:16:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	char *path0 = getenv("PATH");
data/gretl-2020e/gui/settings.c:730:15:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	char *test = getenv("GRETL_STARTDIR");
data/gretl-2020e/gui/settings.c:2390:15:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	char *home = getenv("HOME");
data/gretl-2020e/gui/settings.c:2938:11:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    tmp = getenv("HOME");
data/gretl-2020e/gui/settings.c:3240:17:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	char *topdir = getenv("GTK_DATA_PREFIX");
data/gretl-2020e/lib/src/adf_kpss.c:1436:6:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	if (getenv("DFGLS_NO_PVALUE")) {
data/gretl-2020e/lib/src/geneval.c:4520:24:  [3] (buffer) realpath:
  This function does not protect against buffer overflows, and some
  implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
  destination buffer is at least of size MAXPATHLEN, andto protect against
  implementation problems, the input argument should also be checked to
  ensure it is no larger than MAXPATHLEN.
        if (has_suffix(realpath, ".csv")) {
data/gretl-2020e/lib/src/geneval.c:4521:40:  [3] (buffer) realpath:
  This function does not protect against buffer overflows, and some
  implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
  destination buffer is at least of size MAXPATHLEN, andto protect against
  implementation problems, the input argument should also be checked to
  ensure it is no larger than MAXPATHLEN.
            p->err = check_matrix_file(realpath, &csv);
data/gretl-2020e/lib/src/geneval.c:4536:49:  [3] (buffer) realpath:
  This function does not protect against buffer overflows, and some
  implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
  destination buffer is at least of size MAXPATHLEN, andto protect against
  implementation problems, the input argument should also be checked to
  ensure it is no larger than MAXPATHLEN.
                ret->v.m = import_csv_as_matrix(realpath, &p->err);
data/gretl-2020e/lib/src/geneval.c:4538:56:  [3] (buffer) realpath:
  This function does not protect against buffer overflows, and some
  implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
  destination buffer is at least of size MAXPATHLEN, andto protect against
  implementation problems, the input argument should also be checked to
  ensure it is no larger than MAXPATHLEN.
                ret->v.m = gretl_matrix_read_from_file(realpath, 0, &p->err);
data/gretl-2020e/lib/src/geneval.c:4542:52:  [3] (buffer) realpath:
  This function does not protect against buffer overflows, and some
  implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
  destination buffer is at least of size MAXPATHLEN, andto protect against
  implementation problems, the input argument should also be checked to
  ensure it is no larger than MAXPATHLEN.
            ret->v.b = gretl_bundle_read_from_file(realpath, 0, &p->err);
data/gretl-2020e/lib/src/genfuncs.c:8306:9:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if (getenv("REPLACE_USE_BTREE") != NULL) {
data/gretl-2020e/lib/src/genfuncs.c:8308:16:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    } else if (getenv("REPLACE_NAIVE") != NULL) {
data/gretl-2020e/lib/src/gmm.c:1707:6:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	if (getenv("GMM_NORMALIZE_2") != NULL) {
data/gretl-2020e/lib/src/graphing.c:1009:11:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	grfont = getenv("GRETL_PNG_GRAPH_FONT");
data/gretl-2020e/lib/src/gretl_bfgs.c:155:15:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    char *s = getenv("H_EXTRA");
data/gretl-2020e/lib/src/gretl_foreign.c:648:13:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	hostfile = getenv("GRETL_MPI_HOSTS");
data/gretl-2020e/lib/src/gretl_foreign.c:883:13:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	hostfile = getenv("GRETL_MPI_HOSTS");
data/gretl-2020e/lib/src/gretl_foreign.c:2411:21:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    char *oldpath = getenv("PATH");
data/gretl-2020e/lib/src/gretl_foreign.c:2473:13:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    Rhome = getenv("R_HOME");
data/gretl-2020e/lib/src/gretl_foreign.c:2641:49:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if (!Rlib_err && libset_get_bool(R_LIB) && !getenv("GRETL_NO_RLIB")) {
data/gretl-2020e/lib/src/gretl_intl.c:246:12:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	char *e = getenv("GRETL_CPAGE");
data/gretl-2020e/lib/src/gretl_intl.c:327:12:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    lang = getenv("LANG");
data/gretl-2020e/lib/src/gretl_intl.c:766:13:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	    lang = getenv("LANG");
data/gretl-2020e/lib/src/gretl_intl.c:875:18:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    char *lang = getenv("LANG");
data/gretl-2020e/lib/src/gretl_matrix.c:3759:14:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    envstr = getenv("GRETL_MATRIX_DEBUG");
data/gretl-2020e/lib/src/gretl_matrix.c:3763:11:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	envstr = getenv("GRETL_MATRIX_PRINT6");
data/gretl-2020e/lib/src/gretl_matrix.c:4542:26:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    const char *envstr = getenv("GRETL_MATRIX_DEBUG");
data/gretl-2020e/lib/src/gretl_matrix.c:9087:6:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	if (getenv("GRETL_MATRIX_DEBUG")) {
data/gretl-2020e/lib/src/gretl_matrix.c:9980:12:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	char *s = getenv("GRETL_OLD_EV");
data/gretl-2020e/lib/src/gretl_matrix.c:10523:39:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if (!full && x->rows > x->cols && getenv("GRETL_REAL_SVD") == NULL) {
data/gretl-2020e/lib/src/gretl_matrix.c:12287:9:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if (getenv("USE_LAPACK") != NULL) {
data/gretl-2020e/lib/src/gretl_mpi.c:162:17:  [3] (misc) LoadLibrary:
  Ensure that the full path to the library is specified, or current directory
  may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
  find library path, if you aren't already.
    MPIhandle = LoadLibrary("msmpi.dll");
data/gretl-2020e/lib/src/gretl_panel.c:468:9:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if (getenv("ARELLANO_ASY") != NULL) {
data/gretl-2020e/lib/src/gretl_paths.c:1838:21:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    char *homedir = getenv("HOME");
data/gretl-2020e/lib/src/gretl_paths.c:1858:21:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    char *homedir = getenv("HOME");
data/gretl-2020e/lib/src/gretl_paths.c:1946:16:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	char *ipath = getenv("GRETL_INCLUDE_PATH");
data/gretl-2020e/lib/src/gretl_paths.c:2203:16:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	char *epath = getenv("GRETL_PLUGIN_PATH");
data/gretl-2020e/lib/src/gretl_paths.c:2276:18:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    char *home = getenv("HOME");
data/gretl-2020e/lib/src/gretl_paths.c:2758:19:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    char *ghome = getenv("GRETL_HOME");
data/gretl-2020e/lib/src/gretl_paths.c:2878:15:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    dirname = getenv("HOME");
data/gretl-2020e/lib/src/gretl_paths.c:3106:18:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    char *home = getenv("HOME");
data/gretl-2020e/lib/src/gretl_paths.c:3111:9:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	home = getenv("GRETL_WORKDIR");
data/gretl-2020e/lib/src/gretl_paths.c:3331:15:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	char *home = getenv("HOME");
data/gretl-2020e/lib/src/gretl_paths.c:3364:15:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	char *home = getenv("HOME");
data/gretl-2020e/lib/src/gretl_paths.c:3712:18:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    char *path = getenv("GRETL_CONFIG_FILE");
data/gretl-2020e/lib/src/gretl_paths.c:3721:9:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	path = getenv("HOME");
data/gretl-2020e/lib/src/gretl_paths.c:3796:21:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	const char *home = getenv("HOME");
data/gretl-2020e/lib/src/gretl_string_table.c:1027:18:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    char *test = getenv(key);
data/gretl-2020e/lib/src/gretl_utils.c:2931:12:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    path = getenv("PATH");
data/gretl-2020e/lib/src/gretl_win32.c:169:18:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    char *home = getenv("HOME");
data/gretl-2020e/lib/src/gretl_win32.c:427:10:  [3] (shell) CreateProcess:
  This causes a new process to execute and is difficult to use safely
  (CWE-78). Specify the application path in the first argument, NOT as part
  of the second, or embedded spaces could allow an attacker to force a
  different program to run.
    ok = CreateProcess(NULL,
data/gretl-2020e/lib/src/gretl_win32.c:427:10:  [3] (shell) CreateProcess:
  This causes a new process to execute and is difficult to use safely
  (CWE-78). Specify the application path in the first argument, NOT as part
  of the second, or embedded spaces could allow an attacker to force a
  different program to run.
    ok = CreateProcess(NULL,
data/gretl-2020e/lib/src/gretl_win32.c:635:9:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if (getenv("SHELLDEBUG")) {
data/gretl-2020e/lib/src/gretl_win32.c:761:10:  [3] (shell) CreateProcess:
  This causes a new process to execute and is difficult to use safely
  (CWE-78). Specify the application path in the first argument, NOT as part
  of the second, or embedded spaces could allow an attacker to force a
  different program to run.
    ok = CreateProcess(NULL,
data/gretl-2020e/lib/src/gretl_win32.c:761:10:  [3] (shell) CreateProcess:
  This causes a new process to execute and is difficult to use safely
  (CWE-78). Specify the application path in the first argument, NOT as part
  of the second, or embedded spaces could allow an attacker to force a
  different program to run.
    ok = CreateProcess(NULL,
data/gretl-2020e/lib/src/gretl_win32.c:868:10:  [3] (shell) CreateProcess:
  This causes a new process to execute and is difficult to use safely
  (CWE-78). Specify the application path in the first argument, NOT as part
  of the second, or embedded spaces could allow an attacker to force a
  different program to run.
    ok = CreateProcess(NULL,
data/gretl-2020e/lib/src/gretl_win32.c:868:10:  [3] (shell) CreateProcess:
  This causes a new process to execute and is difficult to use safely
  (CWE-78). Specify the application path in the first argument, NOT as part
  of the second, or embedded spaces could allow an attacker to force a
  different program to run.
    ok = CreateProcess(NULL,
data/gretl-2020e/lib/src/gretl_win32.c:917:10:  [3] (shell) CreateProcess:
  This causes a new process to execute and is difficult to use safely
  (CWE-78). Specify the application path in the first argument, NOT as part
  of the second, or embedded spaces could allow an attacker to force a
  different program to run.
    ok = CreateProcess(NULL,
data/gretl-2020e/lib/src/gretl_win32.c:917:10:  [3] (shell) CreateProcess:
  This causes a new process to execute and is difficult to use safely
  (CWE-78). Specify the application path in the first argument, NOT as part
  of the second, or embedded spaces could allow an attacker to force a
  different program to run.
    ok = CreateProcess(NULL,
data/gretl-2020e/lib/src/gretl_win32.c:984:16:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    } else if (getenv("GRETL_SHELL_NEW")) {
data/gretl-2020e/lib/src/gretl_www.c:123:18:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    u->verbose = getenv("GRETL_WWW_VERBOSE") != NULL;
data/gretl-2020e/lib/src/gretl_www.c:388:17:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    char *pfx = getenv("MINGW_PREFIX");
data/gretl-2020e/lib/src/gretl_www.c:482:5:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
			 getenv("GRETL_WWW_VERBOSE") != NULL);
data/gretl-2020e/lib/src/interact.c:361:28:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    const char *theshell = getenv("SHELL");
data/gretl-2020e/lib/src/interact.c:2967:33:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if (!gretl_in_gui_mode() && getenv("CLI_NO_PLOTS")
data/gretl-2020e/lib/src/libset.c:623:17:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	char *envstr = getenv("GRETL_USE_OPENMP");
data/gretl-2020e/lib/src/libset.c:631:12:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	char *s = getenv("OMP_NUM_THREADS");
data/gretl-2020e/lib/src/libset.c:806:12:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	char *s = getenv("GRETL_MP_BITS");
data/gretl-2020e/lib/src/libset.c:2371:15:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    char *e = getenv(s);
data/gretl-2020e/lib/src/plugins.c:382:11:  [3] (misc) LoadLibraryEx:
  Ensure that the full path to the library is specified, or current directory
  may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
  find library path, if you aren't already.
	handle = LoadLibraryEx(path, NULL, LOAD_WITH_ALTERED_SEARCH_PATH);
data/gretl-2020e/lib/src/plugins.c:384:11:  [3] (misc) LoadLibrary:
  Ensure that the full path to the library is specified, or current directory
  may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
  find library path, if you aren't already.
	handle = LoadLibrary(path);
data/gretl-2020e/lib/src/random.c:197:19:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    char *fseed = getenv("GRETL_FORCE_SEED");
data/gretl-2020e/lib/src/texprint.c:1141:18:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    char *lang = getenv("LANG");
data/gretl-2020e/lib/src/texprint.c:1244:18:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    char *lang = getenv("LANG");
data/gretl-2020e/lib/src/var.c:2552:9:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if (getenv("VAR_USE_QR") != NULL) {
data/gretl-2020e/lib/src/vartest.c:775:9:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if (getenv("VAR_USE_QR") != NULL) {
data/gretl-2020e/plugin/arma.c:858:26:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    const char *envstr = getenv("GRETL_MATRIX_DEBUG");
data/gretl-2020e/plugin/arma.c:1269:6:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	if (getenv("KALMAN_AVG_LL") != NULL) {
data/gretl-2020e/plugin/arma.c:1272:6:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	if (getenv("ARMA_USE_NEWTON") != NULL) {
data/gretl-2020e/plugin/arma.c:1837:54:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if (ainfo->init != INI_USER && ((opt & OPT_B) || getenv("INIT_VIA_CML"))) {
data/gretl-2020e/plugin/json_get.c:1294:9:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if (getenv("JSONGETB_OLD") != NULL) {
data/gretl-2020e/plugin/mailer.c:323:18:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    char *home = getenv("HOME");
data/gretl-2020e/plugin/mp_ols.c:565:23:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    char *user_bits = getenv("GRETL_MP_BITS");
data/gretl-2020e/plugin/mp_ols.c:581:23:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    char *user_bits = getenv("GRETL_MP_BITS");
data/gretl-2020e/tests/nist-nls/nist-nls-test.c:1111:17:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
        int c = getopt(argc, argv, "avf:t:");
data/gretl-2020e/tests/nistcheck.c:1012:14:  [3] (misc) LoadLibrary:
  Ensure that the full path to the library is specified, or current directory
  may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
  find library path, if you aren't already.
    handle = LoadLibrary("plugins\\mp_ols.dll");
data/gretl-2020e/addons/gfnindex.c:9:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *s, fname[128], line[1024];
data/gretl-2020e/addons/gfnindex.c:13:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fp = fopen(fname, "r");
data/gretl-2020e/addons/gfnstrings.c:7:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fname[128], line[1024];
data/gretl-2020e/addons/gfnstrings.c:11:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fp = fopen(fname, "r");
data/gretl-2020e/builddate.c:62:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *s, line[128];
data/gretl-2020e/builddate.c:67:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fp = fopen("build.h", "r");
data/gretl-2020e/builddate.c:83:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fp = fopen("build.h", "w");
data/gretl-2020e/cli/cli_object.c:27:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char word[MAXSAVENAME] = {0};
data/gretl-2020e/cli/cli_object.c:71:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char objname[MAXSAVENAME] = {0};
data/gretl-2020e/cli/gretlcli-mpi.c:56:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char datafile[MAXLEN];
data/gretl-2020e/cli/gretlcli-mpi.c:60:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char linebak[MAXLINE];
data/gretl-2020e/cli/gretlcli-mpi.c:189:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(line, "quit");
data/gretl-2020e/cli/gretlcli-mpi.c:212:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char localedir[MAXLEN];
data/gretl-2020e/cli/gretlcli-mpi.c:286:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *test, tmp[MAXLINE];
data/gretl-2020e/cli/gretlcli-mpi.c:366:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char linecopy[MAXLINE];
data/gretl-2020e/cli/gretlcli-mpi.c:371:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char filearg[MAXLEN];
data/gretl-2020e/cli/gretlcli-mpi.c:372:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char runfile[MAXLEN];
data/gretl-2020e/cli/gretlcli-mpi.c:613:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char newfile[MAXLEN] = {0};
data/gretl-2020e/cli/gretlcli-mpi.c:634:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(newfile, "dbnomics");
data/gretl-2020e/cli/gretlcli-mpi.c:761:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char runfile[MAXLEN];
data/gretl-2020e/cli/gretlcli.c:64:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char datafile[MAXLEN];
data/gretl-2020e/cli/gretlcli.c:65:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char cmdfile[MAXLEN];
data/gretl-2020e/cli/gretlcli.c:71:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char linebak[MAXLINE];      /* for storing comments */
data/gretl-2020e/cli/gretlcli.c:247:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(line, "quit");
data/gretl-2020e/cli/gretlcli.c:270:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char localedir[MAXLEN];
data/gretl-2020e/cli/gretlcli.c:357:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(s->line, "quit");
data/gretl-2020e/cli/gretlcli.c:396:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp[MAXLINE];
data/gretl-2020e/cli/gretlcli.c:524:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char given_file[MAXLEN];
data/gretl-2020e/cli/gretlcli.c:602:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char linecopy[MAXLINE];
data/gretl-2020e/cli/gretlcli.c:611:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char filearg[MAXLEN];
data/gretl-2020e/cli/gretlcli.c:612:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char runfile[MAXLEN];
data/gretl-2020e/cli/gretlcli.c:733:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(cmdfile, "session.inp");
data/gretl-2020e/cli/gretlcli.c:954:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char newfile[MAXLEN] = {0};
data/gretl-2020e/cli/gretlcli.c:955:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char response[3];
data/gretl-2020e/cli/gretlcli.c:976:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(newfile, "dbnomics");
data/gretl-2020e/cli/gretlcli.c:1086:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char outfile[FILENAME_MAX];
data/gretl-2020e/cli/gretlcli.c:1176:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char runfile[MAXLEN];
data/gretl-2020e/doc/tex/extract_scripts.c:12:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char line[1024];
data/gretl-2020e/doc/tex/extract_scripts.c:25:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fp = fopen(fname, "r");
data/gretl-2020e/extra/simple_client.c:67:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(dataset->varname[1], "price");
data/gretl-2020e/extra/simple_client.c:68:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(dataset->varname[2], "sqft");
data/gretl-2020e/gui/calculator.c:474:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(spec->xtics, "%d", tic_step(t_range[1] - t_range[0]));
data/gretl-2020e/gui/calculator.c:489:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(targ, "t,normal(t,mu%d,s%d)", k, j);
data/gretl-2020e/gui/calculator.c:493:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(targ, "t,stud(t,df%d)", k);
data/gretl-2020e/gui/calculator.c:501:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(targ, "t,f(t,df%d,df%d)", k, k + 1);
data/gretl-2020e/gui/calculator.c:507:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(targ, "int(t),bigbin(int(t)+.5,n%d*p%d,sqrt(n%d*p%d*(1-p%d)))", 
data/gretl-2020e/gui/calculator.c:510:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(targ, "int(t),binom(int(t),n%d,p%d)", k, j);
data/gretl-2020e/gui/calculator.c:515:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(targ, "int(t),poisson(lambda%d,int(t))", k);
data/gretl-2020e/gui/calculator.c:520:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(targ, "t,weibull(t,shp%d,scl%d)", k, j);
data/gretl-2020e/gui/calculator.c:606:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char pline[128];
data/gretl-2020e/gui/calculator.c:699:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char v1[32] = {0};
data/gretl-2020e/gui/calculator.c:700:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char v2[32] = {0};
data/gretl-2020e/gui/calculator.c:701:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char got[MAX_DIST+2] = {0};
data/gretl-2020e/gui/calculator.c:785:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(v1, "mu%d=%g", k, parms[0]);
data/gretl-2020e/gui/calculator.c:787:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(v2, "s%d=%g", k, parms[1]);
data/gretl-2020e/gui/calculator.c:793:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(v1, "df%d=%.1f", k, parms[0]);
data/gretl-2020e/gui/calculator.c:795:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(v2, "df%d=%.1f", k + 1, parms[1]);
data/gretl-2020e/gui/calculator.c:800:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(v1, "n%d=%d", k, (int) parms[1]);
data/gretl-2020e/gui/calculator.c:802:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(v2, "p%d=%g", k, parms[0]);
data/gretl-2020e/gui/calculator.c:806:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(v1, "lambda%d=%g", k, parms[0]);
data/gretl-2020e/gui/calculator.c:810:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(v1, "shp%d=%f", k, parms[0]);
data/gretl-2020e/gui/calculator.c:812:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(v2, "scl%d=%f", k, parms[1]);
data/gretl-2020e/gui/calculator.c:940:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char s[32];
data/gretl-2020e/gui/calculator.c:984:7:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		k = atoi(s);
data/gretl-2020e/gui/calculator.c:2087:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char test[VNAMELEN];
data/gretl-2020e/gui/calculator.c:2168:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char numstr[32];
data/gretl-2020e/gui/calculator.c:2170:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(numstr, "%.10g", x);
data/gretl-2020e/gui/calculator.c:2176:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char numstr[16];
data/gretl-2020e/gui/calculator.c:2178:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(numstr, "%d", k);
data/gretl-2020e/gui/callbacks.c:527:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char title[64];
data/gretl-2020e/gui/callbacks.c:529:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(title, "gretl: ");
data/gretl-2020e/gui/callbacks.c:799:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	const char *opts[n_opts];
data/gretl-2020e/gui/callbacks.c:845:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char title[64];
data/gretl-2020e/gui/callbacks.c:847:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(title, "gretl: ");
data/gretl-2020e/gui/callbacks.c:848:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(title, _("cross-correlogram"));
data/gretl-2020e/gui/cmdstack.c:46:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char logname[FILENAME_MAX]; /* filename for log */
data/gretl-2020e/gui/cmdstack.c:173:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char timestr[64];
data/gretl-2020e/gui/cmdstack.c:206:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char timestr[64];
data/gretl-2020e/gui/cmdstack.c:289:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[TESTLEN];
data/gretl-2020e/gui/cmdstack.c:359:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char test[6];
data/gretl-2020e/gui/cmdstack.c:471:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[FILENAME_MAX];
data/gretl-2020e/gui/console.c:439:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char cbuf[MAXLINE];
data/gretl-2020e/gui/database.c:116:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(orig, "invalid string");
data/gretl-2020e/gui/database.c:903:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char s[16];
data/gretl-2020e/gui/database.c:909:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(s, "%g", d1);
data/gretl-2020e/gui/database.c:912:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(s, "%g", d0);
data/gretl-2020e/gui/database.c:932:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char stobs[OBSLEN], endobs[OBSLEN];
data/gretl-2020e/gui/database.c:1206:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char testname[MAXLEN];
data/gretl-2020e/gui/database.c:1210:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(testname, ".bin");
data/gretl-2020e/gui/database.c:1368:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char stobs[OBSLEN], endobs[OBSLEN];
data/gretl-2020e/gui/database.c:1424:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char sername[VNAMELEN];
data/gretl-2020e/gui/database.c:1425:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line1[DB_LINELEN], line2[128];
data/gretl-2020e/gui/database.c:1426:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char dbidx[MAXLEN];
data/gretl-2020e/gui/database.c:1433:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(dbidx, ".idx");
data/gretl-2020e/gui/database.c:1506:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char sername[VNAMELEN];
data/gretl-2020e/gui/database.c:1507:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line1[256], line2[256];
data/gretl-2020e/gui/database.c:1808:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char stobs[OBSLEN], endobs[OBSLEN];
data/gretl-2020e/gui/database.c:1949:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(dbname, ".bin");
data/gretl-2020e/gui/database.c:2248:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char dbfile[MAXLEN];
data/gretl-2020e/gui/database.c:2455:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char idxname[MAXLEN], binname[MAXLEN], cbname[MAXLEN];
data/gretl-2020e/gui/database.c:2456:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char gzbuf[GRETL_BUFSIZE];
data/gretl-2020e/gui/database.c:2528:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(&(nf.frac), gzbuf, sizeof(long));
data/gretl-2020e/gui/database.c:2529:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(&(nf.exp), gzbuf + sizeof(long), sizeof(short));
data/gretl-2020e/gui/database.c:2595:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dbpath[MAXLEN];
data/gretl-2020e/gui/database.c:2598:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(strrchr(dbpath, '.'), ".bin");
data/gretl-2020e/gui/database.c:3005:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char idxname[FILENAME_MAX];
data/gretl-2020e/gui/database.c:3016:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(p, ".idx");
data/gretl-2020e/gui/database.c:3022:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[DB_DESCRIP_LEN + 32] = {0};
data/gretl-2020e/gui/database.c:3047:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char idxname[FILENAME_MAX];
data/gretl-2020e/gui/database.c:3048:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char idxtmp[FILENAME_MAX];
data/gretl-2020e/gui/database.c:3049:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp[72];
data/gretl-2020e/gui/database.c:3056:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(p, ".idx");
data/gretl-2020e/gui/database.c:3062:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(p, ".idxtmp");
data/gretl-2020e/gui/database.c:3082:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char line[256];
data/gretl-2020e/gui/database.c:3087:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(tmp, "# %.61s\n", p);
data/gretl-2020e/gui/database.c:3140:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fullname[MAXLEN];
data/gretl-2020e/gui/database.c:3197:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char month[4], hrs[9];
data/gretl-2020e/gui/database.c:3244:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	mytime.tm_hour = atoi(hrs);
data/gretl-2020e/gui/database.c:3253:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(tbuf, "%d-%02d-%02d", yr, mon + 1, mday);
data/gretl-2020e/gui/database.c:3332:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[1024];
data/gretl-2020e/gui/database.c:3333:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fname[32];
data/gretl-2020e/gui/database.c:3334:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char src[96], srcbak[96];
data/gretl-2020e/gui/database.c:3848:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *S[5] = { NULL };
data/gretl-2020e/gui/database.c:3920:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[1024];
data/gretl-2020e/gui/database.c:3921:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fname[128];
data/gretl-2020e/gui/database.c:3922:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char basename[32];
data/gretl-2020e/gui/database.c:3950:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char datestr[12];
data/gretl-2020e/gui/database.c:4030:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[256];
data/gretl-2020e/gui/database.c:4031:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fname[32];
data/gretl-2020e/gui/database.c:4032:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tstr[16];
data/gretl-2020e/gui/database.c:4262:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char vname[VNAMELEN];
data/gretl-2020e/gui/database.c:4263:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    const char *S[4];
data/gretl-2020e/gui/datafiles.c:121:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char fpath[FILENAME_MAX];
data/gretl-2020e/gui/datafiles.c:191:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[64], title[24];
data/gretl-2020e/gui/datafiles.c:591:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[MAXLEN];
data/gretl-2020e/gui/datafiles.c:608:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fname[24], descrip[80], data[64];
data/gretl-2020e/gui/datafiles.c:664:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fullname[MAXLEN];
data/gretl-2020e/gui/datafiles.c:675:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(fullname, ".gdt");
data/gretl-2020e/gui/datafiles.c:702:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp[MAXLEN];
data/gretl-2020e/gui/datafiles.c:709:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(tmp, ".gdt");
data/gretl-2020e/gui/datafiles.c:728:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(scriptfile, ".inp");
data/gretl-2020e/gui/datafiles.c:909:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[1024];
data/gretl-2020e/gui/datafiles.c:1104:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char path[FILENAME_MAX];
data/gretl-2020e/gui/datafiles.c:1137:6:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	    strcat(path, ".pdf");
data/gretl-2020e/gui/datafiles.c:1140:6:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	    strcat(path, ".gfn");
data/gretl-2020e/gui/datafiles.c:1148:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char test[FILENAME_MAX];
data/gretl-2020e/gui/datafiles.c:1153:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(test, ".gfn");
data/gretl-2020e/gui/datafiles.c:1390:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char path[FILENAME_MAX];
data/gretl-2020e/gui/datafiles.c:1393:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(path, ".gfn");
data/gretl-2020e/gui/datafiles.c:1849:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	filter = atoi(s + 1); /* "C<number>" */
data/gretl-2020e/gui/datafiles.c:1878:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char line[128];
data/gretl-2020e/gui/datafiles.c:1975:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char hname[48];
data/gretl-2020e/gui/datafiles.c:1984:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(hname, _("local machine"));
data/gretl-2020e/gui/datafiles.c:2418:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(s, "...");
data/gretl-2020e/gui/datafiles.c:2579:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fullname[MAXLEN];
data/gretl-2020e/gui/datafiles.c:2602:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
		strcat(fullname, ".gfn");
data/gretl-2020e/gui/datawiz.c:331:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(dwinfo->stobs, "1:1");
data/gretl-2020e/gui/datawiz.c:579:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char stobs[OBSLEN];
data/gretl-2020e/gui/datawiz.c:580:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char endobs[OBSLEN];
data/gretl-2020e/gui/datawiz.c:609:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(ctxt, _("(dropping missing observations)"));
data/gretl-2020e/gui/datawiz.c:617:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(dwinfo->stobs, "1800-01-0%d", start_days[dwinfo->v]);
data/gretl-2020e/gui/datawiz.c:638:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char obsstr[OBSLEN];
data/gretl-2020e/gui/datawiz.c:658:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(dwinfo->stobs, "1:");
data/gretl-2020e/gui/datawiz.c:673:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(dwinfo->stobs, "%d", dd);
data/gretl-2020e/gui/datawiz.c:682:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(dwinfo->stobs, "1300:1");
data/gretl-2020e/gui/datawiz.c:686:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(dwinfo->stobs, "1300:01");
data/gretl-2020e/gui/datawiz.c:690:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(dwinfo->stobs, "1:01");
data/gretl-2020e/gui/datawiz.c:706:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(dwinfo->stobs, "1900-01-01");
data/gretl-2020e/gui/datawiz.c:1046:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char vtest[VNAMELEN];
data/gretl-2020e/gui/datawiz.c:1682:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char ctxt[512];
data/gretl-2020e/gui/dialogs.c:347:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *p, s[32];
data/gretl-2020e/gui/dialogs.c:1450:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char numstr[32];
data/gretl-2020e/gui/dialogs.c:1452:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(numstr, "%fe-%d", ic->v1, ic->v2);
data/gretl-2020e/gui/dialogs.c:1464:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *s, numstr[32];
data/gretl-2020e/gui/dialogs.c:1480:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(numstr, "%g", *ptol);
data/gretl-2020e/gui/dialogs.c:1485:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    ic.v2 = atoi(s+1);
data/gretl-2020e/gui/dialogs.c:1665:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char s1[OBSLEN], s2[OBSLEN];
data/gretl-2020e/gui/dialogs.c:2383:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char s1[OBSLEN], s2[OBSLEN];
data/gretl-2020e/gui/dialogs.c:3680:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    const char *fstr[4] = { NULL };
data/gretl-2020e/gui/dialogs.c:5446:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char msg[MAXLEN];
data/gretl-2020e/gui/dialogs.c:5452:9:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
        strcat(msg, "...");
data/gretl-2020e/gui/dialogs.c:5462:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char msg[MAXLEN];
data/gretl-2020e/gui/dialogs.c:5479:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char msg[MAXLEN];
data/gretl-2020e/gui/dialogs.c:5485:9:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
        strcat(msg, "...");
data/gretl-2020e/gui/dialogs.c:5495:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char msg[MAXLEN];
data/gretl-2020e/gui/dialogs.c:5507:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char msg[MAXLEN];
data/gretl-2020e/gui/dialogs.c:5513:9:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
        strcat(msg, "...");
data/gretl-2020e/gui/dialogs.c:5523:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char msg[MAXLEN];
data/gretl-2020e/gui/dialogs.c:5697:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char c, bit[8], fmt[32];
data/gretl-2020e/gui/dialogs.c:5710:17:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                sprintf(bit, "%%.%d%c", p, c);
data/gretl-2020e/gui/dialogs.c:5733:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            p = atoi(s + 1);
data/gretl-2020e/gui/dialogs.c:6116:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char pcname[VNAMELEN];
data/gretl-2020e/gui/dialogs.c:6121:9:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
        strcat(pcname, "i_");
data/gretl-2020e/gui/dialogs.c:6124:9:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
        strcat(pcname, "pc_");
data/gretl-2020e/gui/dialogs.c:6271:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char obsstr[OBSLEN];
data/gretl-2020e/gui/dlgutils.c:856:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *s, mstr[8] = {0};
data/gretl-2020e/gui/filelists.c:39:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char datalist[MAXRECENT][MAXSTR];
data/gretl-2020e/gui/filelists.c:40:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char sessionlist[MAXRECENT][MAXSTR];
data/gretl-2020e/gui/filelists.c:41:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char scriptlist[MAXRECENT][MAXSTR];
data/gretl-2020e/gui/filelists.c:42:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char gfnlist[MAXRECENT][MAXSTR];
data/gretl-2020e/gui/filelists.c:43:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char wdirlist[MAXRECENT][MAXSTR];
data/gretl-2020e/gui/filelists.c:46:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char *datap[MAXRECENT];
data/gretl-2020e/gui/filelists.c:47:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char *sessionp[MAXRECENT];
data/gretl-2020e/gui/filelists.c:48:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char *scriptp[MAXRECENT];
data/gretl-2020e/gui/filelists.c:49:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char *gfnp[MAXRECENT];
data/gretl-2020e/gui/filelists.c:50:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char *wdirp[MAXRECENT];
data/gretl-2020e/gui/filelists.c:168:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[MAXLEN];
data/gretl-2020e/gui/filelists.c:379:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fullname[FILENAME_MAX];
data/gretl-2020e/gui/filelists.c:380:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *tmp[MAXRECENT-1];
data/gretl-2020e/gui/filelists.c:467:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *tmp[MAXRECENT];
data/gretl-2020e/gui/filelists.c:506:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char ftype[8];
data/gretl-2020e/gui/filelists.c:536:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp[MAXSTR];
data/gretl-2020e/gui/fileselect.c:102:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char alt_gfndir[FILENAME_MAX];
data/gretl-2020e/gui/fileselect.c:377:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char origname[MAXLEN];
data/gretl-2020e/gui/fileselect.c:378:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char newname[MAXLEN];
data/gretl-2020e/gui/fileselect.c:520:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(sfx, ".gdt");
data/gretl-2020e/gui/fileselect.c:609:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fname[FILENAME_MAX];
data/gretl-2020e/gui/fileselect.c:758:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *p, tmp[16];
data/gretl-2020e/gui/fileselect.c:780:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char suffix[16];
data/gretl-2020e/gui/fileselect.c:846:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fname[MAXLEN];
data/gretl-2020e/gui/fileselect.c:854:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fname[MAXLEN];
data/gretl-2020e/gui/fileselect.c:1164:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char savedir[MAXLEN];
data/gretl-2020e/gui/fileselect.c:1165:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char startdir[MAXLEN];
data/gretl-2020e/gui/filters.c:73:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char save_t[VNAMELEN];
data/gretl-2020e/gui/filters.c:74:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char save_c[VNAMELEN];
data/gretl-2020e/gui/filters.c:75:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char label_t[MAXLABEL];
data/gretl-2020e/gui/filters.c:76:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char label_c[MAXLABEL];
data/gretl-2020e/gui/filters.c:190:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(targ, "bk_");
data/gretl-2020e/gui/filters.c:196:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(targ, "fd_");
data/gretl-2020e/gui/filters.c:1112:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char rstr[64];
data/gretl-2020e/gui/filters.c:1122:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(rstr, "set xrange [0:%d] ; set yrange [0.8:%g] ;", T - 1,
data/gretl-2020e/gui/filters.c:1138:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char title[128];
data/gretl-2020e/gui/filters.c:1171:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(title, _("Gain for H-P filter (lambda = %g)"), finfo->lambda);
data/gretl-2020e/gui/filters.c:1233:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *s, fcmd[1024];
data/gretl-2020e/gui/fncall.c:535:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(p, ".pdf");
data/gretl-2020e/gui/fncall.c:1013:2:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	atoi(cinfo->pkgver) > 0 &&
data/gretl-2020e/gui/fncall.c:1042:38:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	combo_box_append_text(combo, (const char *) S[j]);
data/gretl-2020e/gui/fncall.c:1094:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	initv = atoi(prior_val);
data/gretl-2020e/gui/fncall.c:1863:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char auxline[MAXLINE];
data/gretl-2020e/gui/fncall.c:1864:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char auxname[VNAMELEN+2];
data/gretl-2020e/gui/fncall.c:1869:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(auxname, "FNARG%d", i + 1);
data/gretl-2020e/gui/fncall.c:1895:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    int val = atoi(cinfo->args[i]) + 1;
data/gretl-2020e/gui/fncall.c:1951:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(line, " = ");
data/gretl-2020e/gui/fncall.c:1959:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(line, " = ");
data/gretl-2020e/gui/fncall.c:1975:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
		strcat(line, ", ");
data/gretl-2020e/gui/fncall.c:1987:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fnline[MAXLINE];
data/gretl-2020e/gui/fncall.c:2588:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char funname[32];
data/gretl-2020e/gui/fncall.c:4160:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char reqstr[8] = {0};
data/gretl-2020e/gui/fnsave.c:136:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char gui_attrs[N_SPECIALS]; /* attribute flags for special funcs */
data/gretl-2020e/gui/fnsave.c:537:6:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	    strcat(fname, ".inp");
data/gretl-2020e/gui/fnsave.c:539:6:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	    strcat(fname, ".spec");
data/gretl-2020e/gui/fnsave.c:541:6:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	    strcat(fname, ".zip");
data/gretl-2020e/gui/fnsave.c:543:6:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	    strcat(fname, ".gfn");
data/gretl-2020e/gui/fnsave.c:721:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char savepath[FILENAME_MAX];
data/gretl-2020e/gui/fnsave.c:742:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(savepath, ".gfn");
data/gretl-2020e/gui/fnsave.c:903:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char newname[FN_NAMELEN];
data/gretl-2020e/gui/fnsave.c:904:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char word[FN_NAMELEN];
data/gretl-2020e/gui/fnsave.c:946:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *s, line[MAXLINE];
data/gretl-2020e/gui/fnsave.c:1106:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fname[FILENAME_MAX];
data/gretl-2020e/gui/fnsave.c:1156:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *p, line[MAXLINE];
data/gretl-2020e/gui/fnsave.c:1818:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *p, targ[FILENAME_MAX];
data/gretl-2020e/gui/fnsave.c:1831:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(p, "doc");
data/gretl-2020e/gui/fnsave.c:2048:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char vstr[12];
data/gretl-2020e/gui/fnsave.c:2103:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    *new_val = 10 * atoi(s) + letter_to_int(s[4]);
data/gretl-2020e/gui/fnsave.c:2112:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[6] = {0};
data/gretl-2020e/gui/fnsave.c:2114:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buf, "%d", n);
data/gretl-2020e/gui/fnsave.c:2131:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    maxminver = 10 * atoi(GRETL_VERSION) + 9;
data/gretl-2020e/gui/fnsave.c:2246:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char s0[6];
data/gretl-2020e/gui/fnsave.c:2249:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(s0, "C%02d: ", tag_lookups[i].code);
data/gretl-2020e/gui/fnsave.c:2262:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char code[6], newtags[32];
data/gretl-2020e/gui/fnsave.c:2319:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[128];
data/gretl-2020e/gui/fnsave.c:2501:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char words[3][16];
data/gretl-2020e/gui/fnsave.c:2511:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	level = atoi(s);
data/gretl-2020e/gui/fnsave.c:3192:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *p, test[FILENAME_MAX];
data/gretl-2020e/gui/fnsave.c:4067:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char dtdname[FILENAME_MAX];
data/gretl-2020e/gui/fnsave.c:4474:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *p, newpath[FILENAME_MAX];
data/gretl-2020e/gui/fnsave.c:4488:6:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	    strcat(newpath, ".gfn");
data/gretl-2020e/gui/fnsave.c:4752:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char *s, tmp[FILENAME_MAX];
data/gretl-2020e/gui/fnsave.c:4806:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char vstr[10];
data/gretl-2020e/gui/fnsave.c:5284:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char inpname[FILENAME_MAX];
data/gretl-2020e/gui/fnsave.c:5285:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char gfnname[FILENAME_MAX];
data/gretl-2020e/gui/gfn_arglists.c:28:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char pkgname[32];
data/gretl-2020e/gui/gpt_control.c:195:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char lc[8]; /* color */
data/gretl-2020e/gui/gpt_control.c:442:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char temp[MAXLEN], fline[MAXLEN];
data/gretl-2020e/gui/gpt_control.c:462:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char restore_line[MAXLEN];
data/gretl-2020e/gui/gpt_control.c:621:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fname[FILENAME_MAX];
data/gretl-2020e/gui/gpt_control.c:681:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char pline[512];
data/gretl-2020e/gui/gpt_control.c:771:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char pltname[FILENAME_MAX];
data/gretl-2020e/gui/gpt_control.c:820:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char pdfname[FILENAME_MAX];
data/gretl-2020e/gui/gpt_control.c:821:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char plttmp[FILENAME_MAX];
data/gretl-2020e/gui/gpt_control.c:864:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char grfname[FILENAME_MAX];
data/gretl-2020e/gui/gpt_control.c:865:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char plttmp[FILENAME_MAX];
data/gretl-2020e/gui/gpt_control.c:908:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char plttmp[FILENAME_MAX];
data/gretl-2020e/gui/gpt_control.c:971:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char bufline[512];
data/gretl-2020e/gui/gpt_control.c:1000:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char bufline[512];
data/gretl-2020e/gui/gpt_control.c:1079:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char buf[128] = {0};
data/gretl-2020e/gui/gpt_control.c:1143:12:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
    gchar *tmpfile;
data/gretl-2020e/gui/gpt_control.c:1151:33:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
    err = dump_plot_buffer(buf, tmpfile, 1, src);
data/gretl-2020e/gui/gpt_control.c:1154:24:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
	err = real_send_to_gp(tmpfile, 1);
data/gretl-2020e/gui/gpt_control.c:1157:12:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
    g_free(tmpfile);
data/gretl-2020e/gui/gpt_control.c:1170:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char emfname[FILENAME_MAX];
data/gretl-2020e/gui/gpt_control.c:1171:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char plttmp[FILENAME_MAX];
data/gretl-2020e/gui/gpt_control.c:1231:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char outname[FILENAME_MAX];
data/gretl-2020e/gui/gpt_control.c:1232:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char inpname[FILENAME_MAX];
data/gretl-2020e/gui/gpt_control.c:1378:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char s[MAXLEN];
data/gretl-2020e/gui/gpt_control.c:1381:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char test[5][32];
data/gretl-2020e/gui/gpt_control.c:1382:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char obsfmt[12] = {0};
data/gretl-2020e/gui/gpt_control.c:1420:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(obsfmt, "%%%d[^\r\n]", OBSLEN - 1);
data/gretl-2020e/gui/gpt_control.c:1532:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[MAXLEN], test[32];
data/gretl-2020e/gui/gpt_control.c:1533:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char obsfmt[12] = {0};
data/gretl-2020e/gui/gpt_control.c:1569:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(obsfmt, "%%%d[^\r\n]", OBSLEN - 1);
data/gretl-2020e/gui/gpt_control.c:1711:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char head[12] = {0};
data/gretl-2020e/gui/gpt_control.c:1789:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char axis[3] = {0};
data/gretl-2020e/gui/gpt_control.c:1822:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fmt[16];
data/gretl-2020e/gui/gpt_control.c:1902:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(spec->xtics, "none");
data/gretl-2020e/gui/gpt_control.c:1903:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(spec->ytics, "none");
data/gretl-2020e/gui/gpt_control.c:1924:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char key[16] = {0};
data/gretl-2020e/gui/gpt_control.c:1934:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(spec->xtics, "none");
data/gretl-2020e/gui/gpt_control.c:1936:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(spec->ytics, "none");
data/gretl-2020e/gui/gpt_control.c:1980:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char test[16] = {0};
data/gretl-2020e/gui/gpt_control.c:2014:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char lc[20];
data/gretl-2020e/gui/gpt_control.c:2066:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *p, key[16] = {0};
data/gretl-2020e/gui/gpt_control.c:2067:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char val[MAXLEN] = {0};
data/gretl-2020e/gui/gpt_control.c:2144:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(spec->xtics, "none");
data/gretl-2020e/gui/gpt_control.c:2147:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(spec->ytics, "none");
data/gretl-2020e/gui/gpt_control.c:2225:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	spec->border = atoi(val);
data/gretl-2020e/gui/gpt_control.c:2231:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	spec->bmargin = atoi(val);
data/gretl-2020e/gui/gpt_control.c:2238:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	spec->samples = atoi(val);
data/gretl-2020e/gui/gpt_control.c:2288:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[MAXLEN], test[12];
data/gretl-2020e/gui/gpt_control.c:2541:6:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	k = atoi(s);
data/gretl-2020e/gui/gpt_control.c:2560:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		    k = (*f == '$')? atoi(f + 1) : atoi(f);
data/gretl-2020e/gui/gpt_control.c:2560:38:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		    k = (*f == '$')? atoi(f + 1) : atoi(f);
data/gretl-2020e/gui/gpt_control.c:2574:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    k = atoi(s + 1);
data/gretl-2020e/gui/gpt_control.c:2638:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp[16];
data/gretl-2020e/gui/gpt_control.c:2690:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char fmt[8];
data/gretl-2020e/gui/gpt_control.c:2692:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(fmt, "%%%ds", GP_MAXFORMULA - 1);
data/gretl-2020e/gui/gpt_control.c:2694:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(fmt, "%79s");
data/gretl-2020e/gui/gpt_control.c:2849:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char id[6];
data/gretl-2020e/gui/gpt_control.c:2863:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			list[i+1] = atoi(id);
data/gretl-2020e/gui/gpt_control.c:2897:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[128];
data/gretl-2020e/gui/gpt_control.c:2919:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[128];
data/gretl-2020e/gui/gpt_control.c:3072:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fmt[16], vname[VNAMELEN];
data/gretl-2020e/gui/gpt_control.c:3075:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(fmt, "'%%%d[^\\']' (%%d)", VNAMELEN - 1);
data/gretl-2020e/gui/gpt_control.c:3113:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char gpline[MAXLEN];
data/gretl-2020e/gui/gpt_control.c:3530:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(str, "%.*f", (pd < 10)? 1 : 2, t);
data/gretl-2020e/gui/gpt_control.c:3629:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(alt, "%.2f %.2f", x, y);
data/gretl-2020e/gui/gpt_control.c:3631:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(alt, "%.2f,%.2f", x, y);
data/gretl-2020e/gui/gpt_control.c:3892:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(label, "r = %.3f", zij);
data/gretl-2020e/gui/gpt_control.c:3961:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(label, "%7d", (int) data_x);
data/gretl-2020e/gui/gpt_control.c:3963:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(label, "%#7.4g", data_x);
data/gretl-2020e/gui/gpt_control.c:3972:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		    sprintf(label_y, " %-7d", (int) data_y);
data/gretl-2020e/gui/gpt_control.c:3974:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		    sprintf(label_y, " %#-7.4g", data_y);
data/gretl-2020e/gui/gpt_control.c:3977:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(label_y, " %-7d", (int) data_y);
data/gretl-2020e/gui/gpt_control.c:3979:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(label_y, " %#-6.3g", data_y);
data/gretl-2020e/gui/gpt_control.c:4062:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[256];
data/gretl-2020e/gui/gpt_control.c:4087:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmpname[FILENAME_MAX];
data/gretl-2020e/gui/gpt_control.c:4088:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[256], fontspec[128];
data/gretl-2020e/gui/gpt_control.c:4271:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fullname[MAXLEN] = {0};
data/gretl-2020e/gui/gpt_control.c:4746:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char line[MAXLEN];
data/gretl-2020e/gui/gpt_control.c:4824:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char temp[MAXLEN], line[MAXLEN];
data/gretl-2020e/gui/gpt_control.c:5126:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char pngname[MAXLEN];
data/gretl-2020e/gui/gpt_control.c:5239:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[MAXLEN];
data/gretl-2020e/gui/gpt_control.c:5719:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fullname[MAXLEN];
data/gretl-2020e/gui/gpt_control.c:5844:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char bbname[MAXLEN], line[128];
data/gretl-2020e/gui/gpt_control.c:5927:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(s, "/opt/X11/bin/xterm");
data/gretl-2020e/gui/gpt_control.c:5988:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char term[32];
data/gretl-2020e/gui/gpt_dialog.c:178:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char colstr[8] = {0};
data/gretl-2020e/gui/gpt_dialog.c:188:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(xpm[0], "16 16 2 1");
data/gretl-2020e/gui/gpt_dialog.c:189:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(xpm[1], "X      c #000000");
data/gretl-2020e/gui/gpt_dialog.c:190:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(xpm[2], ".      c #000000");
data/gretl-2020e/gui/gpt_dialog.c:191:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(xpm[3], "................");
data/gretl-2020e/gui/gpt_dialog.c:194:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(xpm[i], ".XXXXXXXXXXXXXX.");
data/gretl-2020e/gui/gpt_dialog.c:197:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(xpm[XPMROWS-1], "................");
data/gretl-2020e/gui/gpt_dialog.c:284:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char colstr[8];
data/gretl-2020e/gui/gpt_dialog.c:438:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(xpm[0], "60 11 2 1");
data/gretl-2020e/gui/gpt_dialog.c:439:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(xpm[1], "  c None");
data/gretl-2020e/gui/gpt_dialog.c:440:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(xpm[2], ". c #000000");
data/gretl-2020e/gui/gpt_dialog.c:837:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char barsname[FILENAME_MAX];
data/gretl-2020e/gui/gpt_dialog.c:847:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char user_barsfile[FILENAME_MAX];
data/gretl-2020e/gui/gpt_dialog.c:1149:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fontname[128];
data/gretl-2020e/gui/gpt_dialog.c:1216:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fontname[128];
data/gretl-2020e/gui/gpt_dialog.c:1312:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fontname[128];
data/gretl-2020e/gui/gpt_dialog.c:1756:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char *p, tmp[128];
data/gretl-2020e/gui/gpt_dialog.c:1948:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char label_text[32];
data/gretl-2020e/gui/gpt_dialog.c:1963:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(label_text, _("line %d: "), ed->gui_nlines + 1);
data/gretl-2020e/gui/gpt_dialog.c:2155:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp[GP_MAXFORMULA];
data/gretl-2020e/gui/gpt_dialog.c:2326:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char label_text[32];
data/gretl-2020e/gui/gpt_dialog.c:2350:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(label_text, _("line %d: "), i+1);
data/gretl-2020e/gui/gpt_dialog.c:2363:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char label_text[32];
data/gretl-2020e/gui/gpt_dialog.c:2366:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(label_text, _("label %d: "), i + 1);
data/gretl-2020e/gui/graph_page.c:47:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char gpage_base[FILENAME_MAX];
data/gretl-2020e/gui/graph_page.c:48:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char gpage_tex_base[FILENAME_MAX];
data/gretl-2020e/gui/graph_page.c:54:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(gpage_base, "gretl_graphpage");
data/gretl-2020e/gui/graph_page.c:55:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(gpage_tex_base, "gretl_graphpage");
data/gretl-2020e/gui/graph_page.c:78:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char fname[MAXLEN];
data/gretl-2020e/gui/graph_page.c:79:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char num[12];
data/gretl-2020e/gui/graph_page.c:85:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(num, "_%d", i);
data/gretl-2020e/gui/graph_page.c:141:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char unit[3];
data/gretl-2020e/gui/graph_page.c:144:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(unit, "in");
data/gretl-2020e/gui/graph_page.c:146:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(unit, "mm");
data/gretl-2020e/gui/graph_page.c:472:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char outfile[MAXLEN];
data/gretl-2020e/gui/graph_page.c:521:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char dvips_path[MAXLEN];
data/gretl-2020e/gui/graph_page.c:522:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp[MAXLEN];
data/gretl-2020e/gui/graph_page.c:650:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *p, tmp[MAXSTR];
data/gretl-2020e/gui/graph_page.c:651:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char test[4];
data/gretl-2020e/gui/graph_page.c:674:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(latex, "pdf");
data/gretl-2020e/gui/graphics.c:31:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char font[64] = "Sans";
data/gretl-2020e/gui/graphics.c:45:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char font[64];
data/gretl-2020e/gui/graphics.c:271:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char fontname[68];
data/gretl-2020e/gui/graphics.c:281:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[64];
data/gretl-2020e/gui/graphics.c:295:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fontstr[84];
data/gretl-2020e/gui/graphics.c:296:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char lwstr[32];
data/gretl-2020e/gui/graphics.c:302:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(lwstr, " linewidth %g", s->lw_factor);
data/gretl-2020e/gui/graphics.c:329:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char termstr[256];
data/gretl-2020e/gui/graphics.c:339:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char termstr[256];
data/gretl-2020e/gui/gretl.c:157:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char datafile[MAXLEN];
data/gretl-2020e/gui/gretl.c:158:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char scriptfile[MAXLEN];
data/gretl-2020e/gui/gretl.c:171:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char calculator[MAXSTR] = "calc.exe";
data/gretl-2020e/gui/gretl.c:172:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char latex[MAXSTR] = "pdflatex.exe";
data/gretl-2020e/gui/gretl.c:173:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char Rcommand[MAXSTR] = "RGui.exe";
data/gretl-2020e/gui/gretl.c:175:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char calculator[MAXSTR] = "/Applications/Calculator.app/Contents/MacOS/Calculator";
data/gretl-2020e/gui/gretl.c:176:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char latex[MAXSTR] = "pdflatex";
data/gretl-2020e/gui/gretl.c:177:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char Rcommand[MAXSTR] = "/Applications/R.app/Contents/MacOS/R";
data/gretl-2020e/gui/gretl.c:179:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char Browser[MAXSTR] = "mozilla";
data/gretl-2020e/gui/gretl.c:180:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char calculator[MAXSTR] = "xcalc";
data/gretl-2020e/gui/gretl.c:181:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char latex[MAXSTR] = "pdflatex";
data/gretl-2020e/gui/gretl.c:182:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char viewpdf[MAXSTR] = "acroread";
data/gretl-2020e/gui/gretl.c:183:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char viewps[MAXSTR] = "gv";
data/gretl-2020e/gui/gretl.c:184:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char Rcommand[MAXSTR] = "xterm -e R";
data/gretl-2020e/gui/gretl.c:187:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char tryfile[MAXLEN];
data/gretl-2020e/gui/gretl.c:274:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char gdttmp[FILENAME_MAX];
data/gretl-2020e/gui/gretl.c:347:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(dbname, ".bin");
data/gretl-2020e/gui/gretl.c:375:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char localedir[MAXSTR];
data/gretl-2020e/gui/gretl.c:412:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char localedir[MAXSTR];
data/gretl-2020e/gui/gretl.c:422:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(p, "share/locale");
data/gretl-2020e/gui/gretl.c:549:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE *fp = fopen("/etc/os-release", "r");
data/gretl-2020e/gui/gretl.c:552:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char line[80];
data/gretl-2020e/gui/gretl.c:701:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char auxname[MAXLEN];
data/gretl-2020e/gui/gretl.c:702:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char filearg[MAXLEN];
data/gretl-2020e/gui/gretl.c:1111:6:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	if (atoi(idstr) == pv) {
data/gretl-2020e/gui/gretl.c:1141:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    if (idstr != NULL && atoi(idstr) == mdata->active_var) {
data/gretl-2020e/gui/gretl.c:1160:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char numstr[16];
data/gretl-2020e/gui/gretl.c:1162:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(numstr, "%d", i);
data/gretl-2020e/gui/gretl.c:1208:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char id[12];
data/gretl-2020e/gui/gretl.c:1239:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(id, "%d", i);
data/gretl-2020e/gui/gretl.c:1252:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(id, "%d", i);
data/gretl-2020e/gui/gretl.c:1294:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(id, "%d", pos);
data/gretl-2020e/gui/gretl.c:1368:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	if (in_gretl_list(list, atoi(idstr))) {
data/gretl-2020e/gui/gretl.c:1382:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char lname[32];
data/gretl-2020e/gui/gretl.c:2286:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char lname[VNAMELEN];
data/gretl-2020e/gui/gretl.c:2469:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp[MAXLEN];
data/gretl-2020e/gui/gretl.c:2559:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fullname[FILENAME_MAX];
data/gretl-2020e/gui/gretl.h:106:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern char datafile[MAXLEN];
data/gretl-2020e/gui/gretl.h:107:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern char scriptfile[MAXLEN];
data/gretl-2020e/gui/gretl.h:117:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern char viewps[MAXSTR];
data/gretl-2020e/gui/gretl.h:118:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern char viewpdf[MAXSTR];
data/gretl-2020e/gui/gretl.h:119:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern char Browser[MAXSTR];
data/gretl-2020e/gui/gretl.h:122:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern char calculator[MAXSTR];
data/gretl-2020e/gui/gretl.h:123:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern char latex[MAXSTR];
data/gretl-2020e/gui/gretl.h:124:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern char viewdvi[MAXSTR];
data/gretl-2020e/gui/gretl.h:125:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern char Rcommand[MAXSTR];
data/gretl-2020e/gui/gretl_ipc.c:121:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[PROC_PIDPATHINFO_MAXSIZE];
data/gretl-2020e/gui/gretl_ipc.c:173:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[128];
data/gretl-2020e/gui/gretl_ipc.c:174:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char pname[32] = {0};
data/gretl-2020e/gui/gretl_ipc.c:242:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char newfile[FILENAME_MAX];
data/gretl-2020e/gui/gretl_ipc.c:284:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char pidfile[FILENAME_MAX];
data/gretl-2020e/gui/gretl_ipc.c:310:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char newfile[FILENAME_MAX];
data/gretl-2020e/gui/gretl_ipc.c:311:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[32];
data/gretl-2020e/gui/gretl_ipc.c:356:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char pidfile[FILENAME_MAX];
data/gretl-2020e/gui/gretl_ipc.c:374:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char newfile[FILENAME_MAX];
data/gretl-2020e/gui/gretl_ipc.c:375:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[32];
data/gretl-2020e/gui/gretl_ipc.c:433:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char pidfile[FILENAME_MAX];
data/gretl-2020e/gui/gretl_ipc.c:455:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[32];
data/gretl-2020e/gui/gretl_ipc.c:505:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fname[FILENAME_MAX];
data/gretl-2020e/gui/gretl_ipc.c:525:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char path[FILENAME_MAX];
data/gretl-2020e/gui/gretl_ipc.c:549:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmpname[FILENAME_MAX];
data/gretl-2020e/gui/gretl_ipc.c:668:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char s[64];
data/gretl-2020e/gui/gretltypes.h:88:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fname[MAXLEN];
data/gretl-2020e/gui/gretlwin32.c:162:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp[MAX_PATH];
data/gretl-2020e/gui/gretlwin32.c:253:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(target, "tahoma 8");
data/gretl-2020e/gui/gretlwin32.c:301:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp[4] = {0};
data/gretl-2020e/gui/gretlwin32.c:368:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(ptr, ubuf, sz);
data/gretl-2020e/gui/gretlwin32.c:370:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(ptr, winbuf, sz);
data/gretl-2020e/gui/gretlwin32.c:475:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char data[MAX_PATH];
data/gretl-2020e/gui/gretlwin32.c:517:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char ver[4] = {0};
data/gretl-2020e/gui/gretlwin32.c:542:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(service, "AcroViewR15");
data/gretl-2020e/gui/gretlwin32.c:544:7:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		n = atoi(ver);
data/gretl-2020e/gui/gretlwin32.c:546:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		    sprintf(service, "AcroViewR%d", n);
data/gretl-2020e/gui/gretlwin32.c:548:7:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		    strcpy(service, "AcroView");
data/gretl-2020e/gui/gretlwin32.c:552:7:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		    strcpy(service, "AcroViewR11");
data/gretl-2020e/gui/gretlwin32.c:554:7:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		    strcpy(service, "AcroViewR10");
data/gretl-2020e/gui/gretlwin32.c:562:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(service, "AcroViewA15");
data/gretl-2020e/gui/gretlwin32.c:565:7:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		    strcpy(service, "AcroViewA11");
data/gretl-2020e/gui/gretlwin32.c:567:7:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		    strcpy(service, "AcroViewA10");
data/gretl-2020e/gui/gretlwin32.c:570:7:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		n = atoi(ver);
data/gretl-2020e/gui/gretlwin32.c:572:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		    sprintf(service, "AcroViewA%d", n);
data/gretl-2020e/gui/gretlwin32.c:574:7:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		    strcpy(service, "AcroView");
data/gretl-2020e/gui/gretlwin32.c:673:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char sfx[5] = ".htm";
data/gretl-2020e/gui/gretlwin32.c:680:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char sfx[5];
data/gretl-2020e/gui/gretlwin32.c:684:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(sfx, ".pdf");
data/gretl-2020e/gui/gretlwin32.c:687:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(sfx, ".ps");
data/gretl-2020e/gui/gretlwin32.c:733:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	const char *fonts[2] = {
data/gretl-2020e/gui/gretlwin32.c:1022:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char ddename[32];
data/gretl-2020e/gui/gtkfontselhack.c:946:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf (buffer, "%.1f", fontsel->size / (1.0 * PANGO_SCALE));
data/gretl-2020e/gui/gui_recode.c:135:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *p, tmp[512];
data/gretl-2020e/gui/gui_recode.c:137:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(tmp, "set term pngcairo");
data/gretl-2020e/gui/gui_recode.c:145:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char fname[32], fsize[6];
data/gretl-2020e/gui/gui_recode.c:151:7:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
		    strcat(tmp, " font \"");
data/gretl-2020e/gui/gui_recode.c:155:7:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
		    strcat(tmp, "\" ");
data/gretl-2020e/gui/gui_recode.c:221:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[512];
data/gretl-2020e/gui/gui_utils.c:406:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[GRETL_BUFSIZE];
data/gretl-2020e/gui/gui_utils.c:438:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(fname, ".XXXXXX");
data/gretl-2020e/gui/gui_utils.c:657:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char g, ins[3] = {0};
data/gretl-2020e/gui/gui_utils.c:884:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char mod[MAXSTR];
data/gretl-2020e/gui/gui_utils.c:909:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char basename[MAXSTR];
data/gretl-2020e/gui/gui_utils.c:921:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char parm[32];
data/gretl-2020e/gui/gui_utils.c:924:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(parm, " --sheet=%d", list[1]);
data/gretl-2020e/gui/gui_utils.c:928:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(parm, " --coloffset=%d", list[2]);
data/gretl-2020e/gui/gui_utils.c:932:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(parm, " --rowoffset=%d", list[3]);
data/gretl-2020e/gui/gui_utils.c:1366:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp[MAXLEN];
data/gretl-2020e/gui/gui_utils.c:2771:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char c, word[9];
data/gretl-2020e/gui/gui_utils.c:2781:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char path[128];
data/gretl-2020e/gui/gui_utils.c:3173:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp[VNAMELEN2], aname[VNAMELEN];
data/gretl-2020e/gui/gui_utils.c:3214:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(aname, "r:xvar %d", v1); /* FIXME */
data/gretl-2020e/gui/gui_utils.c:3235:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(aname, "%c:xvar %d", (i == 0)? 'r' : 'f', v1);
data/gretl-2020e/gui/gui_utils.c:3301:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char tmp2[VNAMELEN2];
data/gretl-2020e/gui/gui_utils.c:3304:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char pname[VNAMELEN];
data/gretl-2020e/gui/gui_utils.c:3350:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp[VNAMELEN2];
data/gretl-2020e/gui/gui_utils.c:3435:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp[VNAMELEN2], aname[VNAMELEN];
data/gretl-2020e/gui/gui_utils.c:3447:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(aname, "tauseq %d", i - 2);
data/gretl-2020e/gui/gui_utils.c:3471:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(p, ".%d", pmod->ID);
data/gretl-2020e/gui/gui_utils.c:4393:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char obs1[OBSLEN];
data/gretl-2020e/gui/gui_utils.c:4394:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char obs2[OBSLEN];
data/gretl-2020e/gui/gui_utils.c:4544:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char cmdword[9];
data/gretl-2020e/gui/gui_utils.c:4602:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char vname[VNAMELEN];
data/gretl-2020e/gui/gui_utils.c:4618:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(vname, "jvbeta_%d", vecid);
data/gretl-2020e/gui/gui_utils.c:4656:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp[VNAMELEN2], istr[VNAMELEN];
data/gretl-2020e/gui/gui_utils.c:4657:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char maj[64], min[64];
data/gretl-2020e/gui/gui_utils.c:4724:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(istr, "resid %d", i);
data/gretl-2020e/gui/gui_utils.c:4835:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char newpath[64];
data/gretl-2020e/gui/gui_utils.c:4845:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(istr, "fcast %d", i);
data/gretl-2020e/gui/gui_utils.c:4858:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(istr, "targ_%d", i);
data/gretl-2020e/gui/gui_utils.c:4866:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(newpath, "/menubar/Graphs/targ_%d", i);
data/gretl-2020e/gui/gui_utils.c:4872:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(istr, "Imp:%d:%d", i, j);
data/gretl-2020e/gui/gui_utils.c:4890:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(istr, "FEVD:%d", j);
data/gretl-2020e/gui/gui_utils.c:4904:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(istr, "EC %d", i);
data/gretl-2020e/gui/gui_utils.c:4913:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(istr, "matrix %d", mtypes[i]);
data/gretl-2020e/gui/gui_utils.c:4974:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char vname[VNAMELEN];
data/gretl-2020e/gui/gui_utils.c:5073:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char keystr[64];
data/gretl-2020e/gui/gui_utils.c:5390:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char comment[64];
data/gretl-2020e/gui/gui_utils.c:5394:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(comment, "# restored sample from model %d\n", pmod->ID);
data/gretl-2020e/gui/gui_utils.c:5396:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(comment, "# restored sample from model\n");
data/gretl-2020e/gui/gui_utils.c:5591:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char namebit[VNAMELEN];
data/gretl-2020e/gui/gui_utils.c:6207:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char timestr[16];
data/gretl-2020e/gui/guiprint.c:63:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tstr[48];
data/gretl-2020e/gui/guiprint.c:226:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(hdr, "%d", page++);
data/gretl-2020e/gui/guiprint.c:272:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE *fp = fopen("debug.txt", "w");
data/gretl-2020e/gui/guiprint.c:536:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[OBSLEN];
data/gretl-2020e/gui/guiprint.c:595:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char date1[OBSLEN], date2[OBSLEN], tmp[128];
data/gretl-2020e/gui/guiprint.c:643:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char date1[OBSLEN], date2[OBSLEN], tmp[128];
data/gretl-2020e/gui/guiprint.c:757:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(s, "%#.3g", x);
data/gretl-2020e/gui/guiprint.c:765:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char vname[32], xstr[12];
data/gretl-2020e/gui/guiprint.c:889:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char obs1[OBSLEN], obs2[OBSLEN];
data/gretl-2020e/gui/guiprint.c:890:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char label[VNAMELEN];
data/gretl-2020e/gui/guiprint.c:924:14:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	if (t == 2) strcpy(label, _("fitted"));
data/gretl-2020e/gui/guiprint.c:965:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char s[32];
data/gretl-2020e/gui/guiprint.c:980:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char s[32];
data/gretl-2020e/gui/guiprint.c:1004:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char date1[OBSLEN], date2[OBSLEN], vname[16], tmp[128];
data/gretl-2020e/gui/guiprint.c:1055:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char date1[OBSLEN], date2[OBSLEN], vname[16], tmp[128];
data/gretl-2020e/gui/guiprint.c:1245:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp[128];
data/gretl-2020e/gui/guiprint.c:1248:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char date1[OBSLEN], date2[OBSLEN];
data/gretl-2020e/gui/guiprint.c:1334:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char vname[16];
data/gretl-2020e/gui/guiprint.c:1340:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char date1[OBSLEN], date2[OBSLEN];
data/gretl-2020e/gui/guiprint.c:1503:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char date1[OBSLEN], date2[OBSLEN];
data/gretl-2020e/gui/guiprint.c:1520:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char date1[OBSLEN], date2[OBSLEN];
data/gretl-2020e/gui/guiprint.c:1521:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp[128];
data/gretl-2020e/gui/guiprint.c:1558:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char vname[16];
data/gretl-2020e/gui/guiprint.c:1691:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char actual[32], fitted[32];
data/gretl-2020e/gui/guiprint.c:1692:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char vname[16];
data/gretl-2020e/gui/guiprint.c:1731:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char actual[32], fitted[32], sderr[32], lo[32], hi[32];
data/gretl-2020e/gui/guiprint.c:1732:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char vname[16];
data/gretl-2020e/gui/guiprint.c:1843:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp[128];
data/gretl-2020e/gui/guiprint.c:1916:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char vname[16];
data/gretl-2020e/gui/guiprint.c:1924:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char coeff[32];
data/gretl-2020e/gui/guiprint.c:1933:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char lo[32], hi[32];
data/gretl-2020e/gui/guiprint.c:2174:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char numstr[48];
data/gretl-2020e/gui/guiprint.c:2183:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(numstr, "%.*g", DBL_DIG, x);
data/gretl-2020e/gui/guiprint.c:2440:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char latex_path[MAXLEN];
data/gretl-2020e/gui/guiprint.c:2441:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp[MAXLEN];
data/gretl-2020e/gui/guiprint.c:2464:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char logfile[MAXLEN];
data/gretl-2020e/gui/guiprint.c:2465:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char lline[512];
data/gretl-2020e/gui/guiprint.c:2487:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char texfile[MAXLEN], texbase[MAXLEN], tmp[MAXLEN];
data/gretl-2020e/gui/helpfiles.c:369:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char word[32], sect[48];
data/gretl-2020e/gui/helpfiles.c:1377:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char word[16];
data/gretl-2020e/gui/helpfiles.c:1721:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char haystack[MAXLEN];
data/gretl-2020e/gui/helpfiles.c:1722:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char pstr[16];
data/gretl-2020e/gui/helpfiles.c:1740:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(pstr, "%d", vwin->active_var);
data/gretl-2020e/gui/helpfiles.c:1822:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char haystack[MAXLEN];
data/gretl-2020e/gui/helpfiles.c:2287:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fname[FILENAME_MAX];
data/gretl-2020e/gui/helpfiles.c:2319:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fname[FILENAME_MAX];
data/gretl-2020e/gui/helpfiles.c:2355:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fname[FILENAME_MAX];
data/gretl-2020e/gui/helpfiles.c:2367:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fname[FILENAME_MAX];
data/gretl-2020e/gui/join-gui.c:813:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char optstr[128] = {0};
data/gretl-2020e/gui/library.c:95:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char libline[MAXLINE];
data/gretl-2020e/gui/library.c:493:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char vname[VNAMELEN];
data/gretl-2020e/gui/library.c:494:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char descrip[MAXLABEL];
data/gretl-2020e/gui/library.c:510:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(vname, "mdist");
data/gretl-2020e/gui/library.c:511:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(descrip, _("Mahalanobis distances"));
data/gretl-2020e/gui/library.c:568:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char vname[VNAMELEN];
data/gretl-2020e/gui/library.c:569:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char descrip[MAXLABEL];
data/gretl-2020e/gui/library.c:582:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(vname, "EC%d", j);
data/gretl-2020e/gui/library.c:583:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(descrip, "error correction term %d from VECM %d", j, id);
data/gretl-2020e/gui/library.c:606:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char vname[VNAMELEN];
data/gretl-2020e/gui/library.c:607:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char descrip[MAXLABEL];
data/gretl-2020e/gui/library.c:615:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(vname, "_se");
data/gretl-2020e/gui/library.c:618:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(vname, "_hat");
data/gretl-2020e/gui/library.c:631:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char stobs[OBSLEN], endobs[OBSLEN];
data/gretl-2020e/gui/library.c:681:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char title[128];
data/gretl-2020e/gui/library.c:687:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(title, "gretl: ");
data/gretl-2020e/gui/library.c:703:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(title, _("correlation matrix"));
data/gretl-2020e/gui/library.c:712:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(title, _("summary statistics"));
data/gretl-2020e/gui/library.c:717:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(title, _("summary stats: "));
data/gretl-2020e/gui/library.c:724:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(title, _("normality test"));
data/gretl-2020e/gui/library.c:733:6:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	    strcat(title, _("correlation matrix"));
data/gretl-2020e/gui/library.c:737:6:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	    strcat(title, _("principal components"));
data/gretl-2020e/gui/library.c:742:6:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	    strcat(title, _("Mahalanobis distances"));
data/gretl-2020e/gui/library.c:746:6:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	    strcat(title, _("cross tabulation"));
data/gretl-2020e/gui/library.c:755:6:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	    strcat(title, _("summary statistics"));
data/gretl-2020e/gui/library.c:1991:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char startobs[OBSLEN], endobs[OBSLEN];
data/gretl-2020e/gui/library.c:2519:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char iname[VNAMELEN];
data/gretl-2020e/gui/library.c:2520:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char jname[VNAMELEN];
data/gretl-2020e/gui/library.c:2575:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char c, word[9];
data/gretl-2020e/gui/library.c:2600:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char title[128];
data/gretl-2020e/gui/library.c:2618:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(title, _("gretl: LM test "));
data/gretl-2020e/gui/library.c:2621:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(title, _("(heteroskedasticity)"));
data/gretl-2020e/gui/library.c:2625:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(title, _("(heteroskedasticity)"));
data/gretl-2020e/gui/library.c:2629:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(title, _("(heteroskedasticity)"));
data/gretl-2020e/gui/library.c:2637:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(title, _("gretl: groupwise heteroskedasticity"));
data/gretl-2020e/gui/library.c:2643:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(title, _("(non-linearity)"));
data/gretl-2020e/gui/library.c:2651:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(title, _("gretl: common factor test"));
data/gretl-2020e/gui/library.c:2655:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(title, _("gretl: cross-sectional dependence"));
data/gretl-2020e/gui/library.c:3069:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char brkstr[OBSLEN];
data/gretl-2020e/gui/library.c:3156:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char brkstr[OBSLEN];
data/gretl-2020e/gui/library.c:3453:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char bufline[MAXLINE];
data/gretl-2020e/gui/library.c:3618:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char s1[VNAMELEN] = {0};
data/gretl-2020e/gui/library.c:3619:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char s2[VNAMELEN] = {0};
data/gretl-2020e/gui/library.c:3642:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char sysname[32] = {0};
data/gretl-2020e/gui/library.c:3643:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char bufline[MAXLINE];
data/gretl-2020e/gui/library.c:3835:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char word[32];
data/gretl-2020e/gui/library.c:3947:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char realline[MAXLINE];
data/gretl-2020e/gui/library.c:3948:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char bufline[MAXLINE];
data/gretl-2020e/gui/library.c:3954:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char endstr[8];
data/gretl-2020e/gui/library.c:4268:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[VNAMELEN];
data/gretl-2020e/gui/library.c:4282:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(si->listname, "HFL___%d", i+1);
data/gretl-2020e/gui/library.c:4334:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(si->listname, "HFL___%d", i+1);
data/gretl-2020e/gui/library.c:4374:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char estimator[9];
data/gretl-2020e/gui/library.c:4479:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char yname[VNAMELEN];
data/gretl-2020e/gui/library.c:4480:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char xname[VNAMELEN];
data/gretl-2020e/gui/library.c:4533:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    d = atoi(s + 2);
data/gretl-2020e/gui/library.c:4626:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char vname[VNAMELEN];
data/gretl-2020e/gui/library.c:4627:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char descrip[MAXLABEL];
data/gretl-2020e/gui/library.c:4636:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(vname, "loess_fit");
data/gretl-2020e/gui/library.c:4643:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(vname, "nw_fit");
data/gretl-2020e/gui/library.c:4724:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(S[1], _("fitted"));
data/gretl-2020e/gui/library.c:4757:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char estimator[9];
data/gretl-2020e/gui/library.c:4940:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char cword[9];
data/gretl-2020e/gui/library.c:5067:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char word1[9] = {0};
data/gretl-2020e/gui/library.c:5577:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *s, line[128];
data/gretl-2020e/gui/library.c:5693:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char outfile[MAXLEN] = {0};
data/gretl-2020e/gui/library.c:5765:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char outfile[MAXLEN] = {0};
data/gretl-2020e/gui/library.c:5875:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    const char *opts[1] = {NULL};
data/gretl-2020e/gui/library.c:6627:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char vname[VNAMELEN];
data/gretl-2020e/gui/library.c:6628:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char descrip[MAXLABEL];
data/gretl-2020e/gui/library.c:6683:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char vname[VNAMELEN];
data/gretl-2020e/gui/library.c:6684:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char descrip[MAXLABEL];
data/gretl-2020e/gui/library.c:6720:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char vname[VNAMELEN];
data/gretl-2020e/gui/library.c:6721:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char descrip[MAXLABEL];
data/gretl-2020e/gui/library.c:6746:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(vname, "uhat%d", j);
data/gretl-2020e/gui/library.c:6747:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(descrip, _("residual from VAR system, equation %d"), j);
data/gretl-2020e/gui/library.c:6749:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(vname, "uhat%d", j);
data/gretl-2020e/gui/library.c:6750:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(descrip, _("residual from VECM system, equation %d"), j);
data/gretl-2020e/gui/library.c:6752:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(vname, "uhat_s%02d", j);
data/gretl-2020e/gui/library.c:6753:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(descrip, _("system residual, equation %d"), j);
data/gretl-2020e/gui/library.c:6807:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char vname[VNAMELEN];
data/gretl-2020e/gui/library.c:6973:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(dset->varname[uhatno], _("residual"));
data/gretl-2020e/gui/library.c:7028:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char dname[MAXDISP];
data/gretl-2020e/gui/library.c:7174:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fname[MAXLEN];
data/gretl-2020e/gui/library.c:8072:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *p, title[VNAMELEN];
data/gretl-2020e/gui/library.c:8681:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char temp[MAXLEN];
data/gretl-2020e/gui/library.c:8743:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char stname[MAXLEN];
data/gretl-2020e/gui/library.c:9365:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char myline[32];
data/gretl-2020e/gui/library.c:9524:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[MAXLINE] = {0};
data/gretl-2020e/gui/library.c:9525:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp[MAXLINE] = {0};
data/gretl-2020e/gui/library.c:9612:7:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		    strcpy(line, "quit");
data/gretl-2020e/gui/library.c:9897:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *p, fname[MAXLEN];
data/gretl-2020e/gui/library.c:9977:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char myfile[MAXLEN] = {0};
data/gretl-2020e/gui/library.c:10002:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(myfile, "dbnomics");
data/gretl-2020e/gui/library.c:10281:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char runfile[MAXLEN];
data/gretl-2020e/gui/menustate.c:120:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fullpath[32];
data/gretl-2020e/gui/menustate.c:1060:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char t1str[OBSLEN], t2str[OBSLEN];
data/gretl-2020e/gui/menustate.c:1068:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char t1str[OBSLEN], t2str[OBSLEN];
data/gretl-2020e/gui/menustate.c:1168:13:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
            strcat(wdir, "...");
data/gretl-2020e/gui/mknews.c:28:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[256];
data/gretl-2020e/gui/mknews.c:37:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    f1 = fopen(argv[1], "r");
data/gretl-2020e/gui/mknews.c:43:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    f2 = fopen("NEWS", "w");
data/gretl-2020e/gui/model_table.c:358:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char pname[VNAMELEN];
data/gretl-2020e/gui/model_table.c:539:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(s, "%.*f", mt_figs, x);
data/gretl-2020e/gui/model_table.c:541:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(s, "%#.*g", mt_figs, x);
data/gretl-2020e/gui/model_table.c:549:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char numstr[32], tmp[64];
data/gretl-2020e/gui/model_table.c:569:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(tmp, "%.*s...", namewidth - 3, pname);
data/gretl-2020e/gui/model_table.c:691:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
			strcpy(numstr, "NA");
data/gretl-2020e/gui/model_table.c:693:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf(numstr, "%.*f", mt_figs, pval);
data/gretl-2020e/gui/model_table.c:997:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char est[32];
data/gretl-2020e/gui/model_table.c:1020:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char targ[48];
data/gretl-2020e/gui/model_table.c:1023:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(targ, "(%d)", j + 1);
data/gretl-2020e/gui/model_table.c:1032:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(targ, "%c", 'A' + j);
data/gretl-2020e/gui/model_table.c:1035:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char tmp[32];
data/gretl-2020e/gui/model_table.c:1056:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(targ, _("Model %d"), pmod->ID);
data/gretl-2020e/gui/model_table.c:1181:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp[32];
data/gretl-2020e/gui/model_table.c:1417:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char outfile[MAXLEN];
data/gretl-2020e/gui/objectsave.c:32:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char word[MAXSAVENAME] = {0};
data/gretl-2020e/gui/objectsave.c:128:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char objname[MAXSAVENAME] = {0};
data/gretl-2020e/gui/osx_env.c:11:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *c, execpath[MAXPATHLEN + 1];
data/gretl-2020e/gui/osx_env.c:12:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char respath[MAXPATHLEN + 1];
data/gretl-2020e/gui/osx_env.c:25:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(execpath, "/../Resources");
data/gretl-2020e/gui/selector.c:302:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char cluster_var[VNAMELEN];
data/gretl-2020e/gui/selector.c:307:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char mds_listname[VNAMELEN];
data/gretl-2020e/gui/selector.c:964:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char varflag[8];
data/gretl-2020e/gui/selector.c:1049:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char vstr[VNAMELEN + 8];
data/gretl-2020e/gui/selector.c:1241:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char mname[VNAMELEN];
data/gretl-2020e/gui/selector.c:1780:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    v = atoi(idstr);
data/gretl-2020e/gui/selector.c:2787:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char istr[VNAMELEN];
data/gretl-2020e/gui/selector.c:2799:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(tmp, " ; ");
data/gretl-2020e/gui/selector.c:2850:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char idstr[8];
data/gretl-2020e/gui/selector.c:2857:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(idstr, "%d", id);
data/gretl-2020e/gui/selector.c:2862:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(idstr, "%d", id);
data/gretl-2020e/gui/selector.c:2886:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(targ, "0 ");
data/gretl-2020e/gui/selector.c:2901:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char s[32];
data/gretl-2020e/gui/selector.c:2917:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(s, "%d ", arma_p);
data/gretl-2020e/gui/selector.c:2922:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(s, "%d ", arima_d);
data/gretl-2020e/gui/selector.c:2934:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(s, "%d ; ", arma_q);
data/gretl-2020e/gui/selector.c:2944:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(s, "%d %d %d ; ", arma_P, arima_D, arma_Q);
data/gretl-2020e/gui/selector.c:2952:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char s[32] = {0};
data/gretl-2020e/gui/selector.c:2957:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(s, "%d %d ; ", garch_p, garch_q);
data/gretl-2020e/gui/selector.c:2960:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(s, "%d ; ", dpd_p);
data/gretl-2020e/gui/selector.c:2964:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(s, "%d ", p);
data/gretl-2020e/gui/selector.c:2973:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char s[16];
data/gretl-2020e/gui/selector.c:2977:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(s, "%g", 1 - cval);
data/gretl-2020e/gui/selector.c:3009:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp[64];
data/gretl-2020e/gui/selector.c:3016:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(tmp, "%d", li);
data/gretl-2020e/gui/selector.c:3621:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char s[32];
data/gretl-2020e/gui/selector.c:3628:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(s, " d=%d q=%g", d, q);
data/gretl-2020e/gui/selector.c:3639:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(s, " h=%g", h);
data/gretl-2020e/gui/selector.c:3829:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char numstr[8];
data/gretl-2020e/gui/selector.c:3845:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(numstr, "%d", *order);
data/gretl-2020e/gui/selector.c:3852:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(numstr, " %d", jrank);
data/gretl-2020e/gui/selector.c:3981:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char endbit[64] = {0};
data/gretl-2020e/gui/selector.c:5958:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char bstr[16];
data/gretl-2020e/gui/selector.c:5970:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(bstr, "%d", b);
data/gretl-2020e/gui/selector.c:7639:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char pname[VNAMELEN];
data/gretl-2020e/gui/selector.h:43:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char listname[VNAMELEN];
data/gretl-2020e/gui/series_view.c:130:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char num_format[32];
data/gretl-2020e/gui/series_view.c:158:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(num_format, "%%#13.%dg\n", sview->digits);
data/gretl-2020e/gui/series_view.c:160:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(num_format, "%%13.%df\n", sview->digits);
data/gretl-2020e/gui/session.c:95:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[MAXLEN];
data/gretl-2020e/gui/session.c:96:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char dirname[MAXLEN];
data/gretl-2020e/gui/session.c:109:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[MAXSAVENAME];
data/gretl-2020e/gui/session.c:114:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[MAXSAVENAME];
data/gretl-2020e/gui/session.c:120:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[MAXSAVENAME];
data/gretl-2020e/gui/session.c:121:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fname[MAXLEN];
data/gretl-2020e/gui/session.c:136:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char datafile[MAXLEN];
data/gretl-2020e/gui/session.c:231:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char sessionfile[MAXLEN];
data/gretl-2020e/gui/session.c:665:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp[MAXSAVENAME];
data/gretl-2020e/gui/session.c:688:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char num[16];
data/gretl-2020e/gui/session.c:690:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(num, "(%d)", ++idmax);
data/gretl-2020e/gui/session.c:702:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tname[MAXSAVENAME];
data/gretl-2020e/gui/session.c:720:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(tname, "text");
data/gretl-2020e/gui/session.c:827:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(session.dirname, ".gretl-%d", (int) p);
data/gretl-2020e/gui/session.c:846:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(shortname, "graph.%d", n);
data/gretl-2020e/gui/session.c:892:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char shortname[MAXSAVENAME];
data/gretl-2020e/gui/session.c:893:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char graphname[MAXSAVENAME];
data/gretl-2020e/gui/session.c:954:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(shortname, "graph.%d", n);
data/gretl-2020e/gui/session.c:979:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char shortname[MAXSAVENAME];
data/gretl-2020e/gui/session.c:980:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char grpath[MAXLEN];
data/gretl-2020e/gui/session.c:1259:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char vname[VNAMELEN];
data/gretl-2020e/gui/session.c:1263:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(vname, "bundle%d", ++session_bundle_count);
data/gretl-2020e/gui/session.c:1344:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(sinfo->datafile, "data.gdt");
data/gretl-2020e/gui/session.c:1365:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char test[2*MAXLEN];
data/gretl-2020e/gui/session.c:1409:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char xmlname[MAXLEN]; /* path to master session XML file */
data/gretl-2020e/gui/session.c:1410:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char gdtname[MAXLEN]; /* path to session data file */
data/gretl-2020e/gui/session.c:1411:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fname[MAXLEN];   /* multi-purpose temp variable */
data/gretl-2020e/gui/session.c:1844:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmpname[MAXLEN];
data/gretl-2020e/gui/session.c:1943:6:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	    strcat(datname, ".gdt");
data/gretl-2020e/gui/session.c:1946:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(p, ".gdt");
data/gretl-2020e/gui/session.c:1950:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(datname, "data.gdt");
data/gretl-2020e/gui/session.c:1969:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char datname[MAXLEN];
data/gretl-2020e/gui/session.c:1970:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char dirname[MAXLEN];
data/gretl-2020e/gui/session.c:2000:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(fname, ".gretl");
data/gretl-2020e/gui/session.c:2047:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(datname, "none");
data/gretl-2020e/gui/session.c:2183:9:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
        strcat(str, "; ");
data/gretl-2020e/gui/session.c:2193:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp[MAXLEN];
data/gretl-2020e/gui/session.c:2203:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char line[128], title[64];
data/gretl-2020e/gui/session.c:2204:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char xlabel[24], ylabel[24];
data/gretl-2020e/gui/session.c:2442:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fname[MAXLEN];
data/gretl-2020e/gui/session.c:2527:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char fullname[MAXLEN];
data/gretl-2020e/gui/session.c:2735:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char fname1[MAXSAVENAME];
data/gretl-2020e/gui/session.c:2736:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char path0[FILENAME_MAX];
data/gretl-2020e/gui/session.c:2737:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char path1[FILENAME_MAX];
data/gretl-2020e/gui/session.c:3535:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char fullname[MAXLEN];
data/gretl-2020e/gui/session.c:4073:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(targ, "...");
data/gretl-2020e/gui/session.c:4164:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[MAXLEN];
data/gretl-2020e/gui/session.c:4185:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[MAXLEN];
data/gretl-2020e/gui/session.c:4213:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fmt[24];
data/gretl-2020e/gui/session.c:4219:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(fmt, "%%-%ds %%3d\n", len);
data/gretl-2020e/gui/session.c:4226:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fmt[24];
data/gretl-2020e/gui/session.c:4232:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(fmt, "%%-%ds %%.8g\n", len);
data/gretl-2020e/gui/session_xml.c:12:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fullname[MAXLEN];
data/gretl-2020e/gui/session_xml.c:25:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char line[32] = {0};
data/gretl-2020e/gui/session_xml.c:57:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char s[16];
data/gretl-2020e/gui/session_xml.c:61:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char oldname[MAXLEN];
data/gretl-2020e/gui/session_xml.c:62:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char newname[MAXLEN];
data/gretl-2020e/gui/session_xml.c:294:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fullname[MAXLEN];
data/gretl-2020e/gui/session_xml.c:411:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		sinfo->t1 = atoi((const char *) tmp);
data/gretl-2020e/gui/session_xml.c:418:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		sinfo->t2 = atoi((const char *) tmp);
data/gretl-2020e/gui/session_xml.c:430:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		sinfo->seed = (unsigned) atoi((const char *) tmp);
data/gretl-2020e/gui/session_xml.c:435:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		sinfo->resample_n = atoi((const char *) tmp);
data/gretl-2020e/gui/session_xml.c:445:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		session.nmodels = atoi((const char *) tmp);
data/gretl-2020e/gui/session_xml.c:454:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		session.ngraphs = atoi((const char *) tmp);
data/gretl-2020e/gui/session_xml.c:463:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		session.ntexts = atoi((const char *) tmp);
data/gretl-2020e/gui/session_xml.c:617:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[2*MAXLEN];
data/gretl-2020e/gui/session_xml.c:622:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		fnum = atoi(dname + 6);
data/gretl-2020e/gui/session_xml.c:623:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(tmp, "model.%d", fnum);
data/gretl-2020e/gui/session_xml.c:629:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		fnum = atoi(dname + 6);
data/gretl-2020e/gui/session_xml.c:630:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(tmp, "graph.%d", fnum);
data/gretl-2020e/gui/session_xml.c:645:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fname[2*MAXLEN];
data/gretl-2020e/gui/session_xml.c:646:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmpname[2*MAXLEN];
data/gretl-2020e/gui/session_xml.c:708:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(tmpname, "model.%d", modnum++);
data/gretl-2020e/gui/session_xml.c:762:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(tmpname, "model.%d", modnum++);
data/gretl-2020e/gui/settings.c:69:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char rcfile[FILENAME_MAX];
data/gretl-2020e/gui/settings.c:70:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char http_proxy[128];
data/gretl-2020e/gui/settings.c:85:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char system_appfont[64];
data/gretl-2020e/gui/settings.c:88:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char fixedfontname[MAXLEN] = "Courier New 10";
data/gretl-2020e/gui/settings.c:89:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char default_fixedfont[64] = "Courier New 10";
data/gretl-2020e/gui/settings.c:91:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char fixedfontname[MAXLEN] = "Menlo 13";
data/gretl-2020e/gui/settings.c:92:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char default_fixedfont[64] = "Menlo 13";
data/gretl-2020e/gui/settings.c:94:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char fixedfontname[MAXLEN] = "Menlo 10";
data/gretl-2020e/gui/settings.c:95:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char default_fixedfont[64] = "Menlo 10";
data/gretl-2020e/gui/settings.c:97:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char fixedfontname[MAXLEN] = "monospace 10";
data/gretl-2020e/gui/settings.c:98:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char default_fixedfont[64] = "monospace 10";
data/gretl-2020e/gui/settings.c:102:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char appfontname[MAXLEN] = "";
data/gretl-2020e/gui/settings.c:104:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char appfontname[MAXLEN] = "Lucida Grande 13";
data/gretl-2020e/gui/settings.c:106:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char appfontname[MAXLEN] = "sans 10";
data/gretl-2020e/gui/settings.c:125:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char datapage[24] = "Gretl";
data/gretl-2020e/gui/settings.c:126:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char scriptpage[24] = "Gretl";
data/gretl-2020e/gui/settings.c:127:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char author_mail[32];
data/gretl-2020e/gui/settings.c:128:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char sview_style[32] = "classic";
data/gretl-2020e/gui/settings.c:129:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char graph_theme[24] = "dark2";
data/gretl-2020e/gui/settings.c:130:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char gpcolors[18];
data/gretl-2020e/gui/settings.c:133:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char langpref[32];
data/gretl-2020e/gui/settings.c:134:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char hc_xsect[5] = "HC1";
data/gretl-2020e/gui/settings.c:135:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char hc_tseri[5] = "HAC";
data/gretl-2020e/gui/settings.c:136:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char hc_panel[9] = "Arellano";
data/gretl-2020e/gui/settings.c:137:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char hc_garch[5] = "QML";
data/gretl-2020e/gui/settings.c:141:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char mpi_pref[8] = "MS-MPI";
data/gretl-2020e/gui/settings.c:143:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char mpi_pref[8] = "OpenMPI";
data/gretl-2020e/gui/settings.c:151:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char themepref[12] = "Adwaita";
data/gretl-2020e/gui/settings.c:153:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char themepref[12] = "MS-Windows";
data/gretl-2020e/gui/settings.c:528:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    return (p != NULL)? atoi(p+1) : 10;
data/gretl-2020e/gui/settings.c:536:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(p, " %d", size);
data/gretl-2020e/gui/settings.c:597:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(system_appfont, "Lucida Grande 13");
data/gretl-2020e/gui/settings.c:599:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(system_appfont, "sans 10");
data/gretl-2020e/gui/settings.c:825:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *p, test[MAXSTR];
data/gretl-2020e/gui/settings.c:836:10:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
         strcat(test, "tramo/tramo");
data/gretl-2020e/gui/settings.c:838:10:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
         strcat(test, "x12arima/x12a");
data/gretl-2020e/gui/settings.c:1668:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char numstr[4];
data/gretl-2020e/gui/settings.c:1672:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		    sprintf(numstr, "%.1f", scale);
data/gretl-2020e/gui/settings.c:1791:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char cstr[2][8];
data/gretl-2020e/gui/settings.c:1997:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(s, "true");
data/gretl-2020e/gui/settings.c:1999:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(s, "false");
data/gretl-2020e/gui/settings.c:2009:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char val[6];
data/gretl-2020e/gui/settings.c:2256:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char line[MAXLEN], key[32], linevar[MAXLEN];
data/gretl-2020e/gui/settings.c:2282:15:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				strvar = (char *) rc_vars[j].var;
data/gretl-2020e/gui/settings.c:2309:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[MAXLEN], key[32], linevar[MAXLEN];
data/gretl-2020e/gui/settings.c:2371:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char value[MAXSTR];
data/gretl-2020e/gui/settings.c:2378:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(fixedfontname, "NSimSun 10");
data/gretl-2020e/gui/settings.c:2379:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(default_fixedfont, "NSimSun 10");
data/gretl-2020e/gui/settings.c:2381:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(fixedfontname, "MS Gothic 10");
data/gretl-2020e/gui/settings.c:2382:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(default_fixedfont, "MS Gothic 10");
data/gretl-2020e/gui/settings.c:2395:6:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	    strcat(rcfile, ".gretl2rc");
data/gretl-2020e/gui/settings.c:2483:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char line[MAXLEN], key[32], linevar[MAXLEN];
data/gretl-2020e/gui/settings.c:2551:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fontname[128];
data/gretl-2020e/gui/settings.c:2840:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fontname[64];
data/gretl-2020e/gui/settings.c:2918:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char dumper[MAXLEN];
data/gretl-2020e/gui/settings.c:2923:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char val[6];
data/gretl-2020e/gui/settings.c:2953:48:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    fprintf(fp, "%s = %s\n", rc_vars[i].key, (char *) rc_vars[i].var);
data/gretl-2020e/gui/settings.c:3131:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp[MAXLEN];
data/gretl-2020e/gui/settings.c:3277:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char sl[2] = {0};
data/gretl-2020e/gui/settings.c:3306:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(themepref, "MS-Windows");
data/gretl-2020e/gui/settings.c:3308:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(themepref, "Clearlooks");
data/gretl-2020e/gui/ssheet.c:82:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char mname[VNAMELEN];
data/gretl-2020e/gui/ssheet.c:99:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char numfmt[8];
data/gretl-2020e/gui/ssheet.c:327:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(sheet->location, "%d, %d", atoi(pstr) + 1, cnum);
data/gretl-2020e/gui/ssheet.c:327:37:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	sprintf(sheet->location, "%d, %d", atoi(pstr) + 1, cnum);
data/gretl-2020e/gui/ssheet.c:333:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[VNAMELEN];
data/gretl-2020e/gui/ssheet.c:444:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(pstr, "%d", newrow);
data/gretl-2020e/gui/ssheet.c:566:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int i = atoi(path_string);
data/gretl-2020e/gui/ssheet.c:619:37:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    sheet_push_edit(sheet, colnum, atoi(path_string));
data/gretl-2020e/gui/ssheet.c:782:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp[32];
data/gretl-2020e/gui/ssheet.c:959:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char varname[VNAMELEN];
data/gretl-2020e/gui/ssheet.c:983:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char obsmarker[OBSLEN];
data/gretl-2020e/gui/ssheet.c:1028:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp[13], colname[24];
data/gretl-2020e/gui/ssheet.c:1673:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char newname[VNAMELEN];
data/gretl-2020e/gui/ssheet.c:1768:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char cstr[16];
data/gretl-2020e/gui/ssheet.c:1774:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(cstr, "%d", i);
data/gretl-2020e/gui/ssheet.c:1786:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char cstr[16];
data/gretl-2020e/gui/ssheet.c:1802:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(cstr, "%d", sheet->datacols - n + i + 1);
data/gretl-2020e/gui/ssheet.c:1817:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(cstr, "%d", i);
data/gretl-2020e/gui/ssheet.c:1857:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(tmpstr, "%d", i1);
data/gretl-2020e/gui/ssheet.c:1860:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(tmpstr, "%d", i1);
data/gretl-2020e/gui/ssheet.c:1880:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(tmpstr, "%d", i1 + 1);
data/gretl-2020e/gui/ssheet.c:1931:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(tmpstr, "%d", i+1);
data/gretl-2020e/gui/ssheet.c:1944:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(tmpstr, "nan");
data/gretl-2020e/gui/ssheet.c:1974:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(tmpstr, "nan");
data/gretl-2020e/gui/ssheet.c:2015:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(val, "nan");
data/gretl-2020e/gui/ssheet.c:2017:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(val, "-inf");
data/gretl-2020e/gui/ssheet.c:2019:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(val, "inf");
data/gretl-2020e/gui/ssheet.c:2124:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char numstr[32];
data/gretl-2020e/gui/ssheet.c:2683:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(tmpstr, "%d", i);
data/gretl-2020e/gui/ssheet.c:2874:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(sheet->numfmt, "%.*g");
data/gretl-2020e/gui/ssheet.c:3490:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[VNAMELEN];
data/gretl-2020e/gui/ssheet.c:4166:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(sheet->numfmt, "%.*g");
data/gretl-2020e/gui/tabwin.c:510:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp[MAXLEN];
data/gretl-2020e/gui/textbuf.c:1256:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char readbuf[4096];
data/gretl-2020e/gui/textbuf.c:1497:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fline[MAXSTR], *chunk;
data/gretl-2020e/gui/textbuf.c:1635:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(tagname, "tag:guide");
data/gretl-2020e/gui/textbuf.c:1663:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(tagname, "tag:p%d", page);
data/gretl-2020e/gui/textbuf.c:1705:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(tagname, "tag:gfr");
data/gretl-2020e/gui/textbuf.c:1709:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(tagname, "xtag:p%d", page);
data/gretl-2020e/gui/textbuf.c:1736:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fullname[MAXLEN] = {0};
data/gretl-2020e/gui/textbuf.c:1777:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fullname[MAXLEN];
data/gretl-2020e/gui/textbuf.c:1785:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *buf, line[4096];
data/gretl-2020e/gui/textbuf.c:2215:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char word[10];
data/gretl-2020e/gui/textbuf.c:2259:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char word[12];
data/gretl-2020e/gui/textbuf.c:2749:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char line[1024];
data/gretl-2020e/gui/textbuf.c:2929:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char word[9], line[1024];
data/gretl-2020e/gui/textbuf.c:2930:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char lastline[1024];
data/gretl-2020e/gui/textbuf.c:3021:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *s, line[1024];
data/gretl-2020e/gui/textbuf.c:3068:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char line[1024];
data/gretl-2020e/gui/textbuf.c:3096:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[1024];
data/gretl-2020e/gui/textbuf.c:3417:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *s, thisword[9];
data/gretl-2020e/gui/textbuf.c:3418:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char prevword[9];
data/gretl-2020e/gui/textbuf.c:3509:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char s[2] = {0};
data/gretl-2020e/gui/textbuf.c:3551:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char thisword[9];
data/gretl-2020e/gui/textbuf.c:3552:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char prevword[9];
data/gretl-2020e/gui/textbuf.c:3945:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char figfile[FILENAME_MAX];
data/gretl-2020e/gui/textbuf.c:3962:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char minus[4];
data/gretl-2020e/gui/textbuf.c:4052:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[32];
data/gretl-2020e/gui/textbuf.c:4302:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[256];
data/gretl-2020e/gui/textbuf.c:4350:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char hword[12];
data/gretl-2020e/gui/textutil.c:877:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(q, "}\r\n");
data/gretl-2020e/gui/toolbar.c:179:49:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    pbuf = gdk_pixbuf_new_from_xpm_data((const char **) stocks[i].xpm);
data/gretl-2020e/gui/toolbar.c:432:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char mname[VNAMELEN];
data/gretl-2020e/gui/toolbar.c:634:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(txt, "%.2f", a);
data/gretl-2020e/gui/treeutils.c:46:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    if (atoi(id_a) == 0) {
data/gretl-2020e/gui/treeutils.c:48:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    } else if (atoi(id_b) == 0) {
data/gretl-2020e/gui/treeutils.c:80:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    ia = atoi(id_a);
data/gretl-2020e/gui/treeutils.c:81:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    ib = atoi(id_b);
data/gretl-2020e/gui/treeutils.c:185:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    *v = atoi(id);
data/gretl-2020e/gui/treeutils.c:237:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(addvar, " %d", active_var);
data/gretl-2020e/gui/treeutils.c:239:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(addvar, "%d", active_var);
data/gretl-2020e/gui/treeutils.c:366:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    vwin->active_var = atoi(varnum);
data/gretl-2020e/gui/treeutils.c:818:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    list[list[0]] = atoi(varnum);
data/gretl-2020e/gui/update.c:27:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char latest[16];
data/gretl-2020e/gui/update.c:62:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	int vserver = atoi(getbuf + 15);
data/gretl-2020e/gui/varinfo.c:64:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char changed[VSET_MAX];
data/gretl-2020e/gui/varinfo.c:167:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int ret = (v == atoi(s));
data/gretl-2020e/gui/varinfo.c:221:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[MAXLEN];
data/gretl-2020e/gui/varinfo.c:476:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    id = atoi(idstr);
data/gretl-2020e/gui/varinfo.c:595:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    id = atoi(idstr);
data/gretl-2020e/gui/winstack.c:179:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char aname[32];
data/gretl-2020e/gui/winstack.c:181:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(aname, "%p", (void *) w);
data/gretl-2020e/gui/winstack.c:385:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(bullet, " %c%c%c", 0xE2, 0x80, 0xA2);
data/gretl-2020e/gui/winstack.c:393:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(bullet, " *");
data/gretl-2020e/gui/winstack.c:401:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char aname[32];
data/gretl-2020e/gui/winstack.c:429:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char bullet[5];
data/gretl-2020e/lib/src/addons_utils.c:166:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char syspath[MAXLEN];
data/gretl-2020e/lib/src/addons_utils.c:167:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char usrpath[MAXLEN];
data/gretl-2020e/lib/src/addons_utils.c:168:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char gfnname[64];
data/gretl-2020e/lib/src/addons_utils.c:274:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *s, line[512];
data/gretl-2020e/lib/src/addons_utils.c:308:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char epath[MAXLEN];
data/gretl-2020e/lib/src/addons_utils.c:351:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(s, ".pdf");
data/gretl-2020e/lib/src/adf_kpss.c:159:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char date1[OBSLEN];
data/gretl-2020e/lib/src/adf_kpss.c:160:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char date2[OBSLEN];
data/gretl-2020e/lib/src/adf_kpss.c:399:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(dset->varname[v], "ydetols");
data/gretl-2020e/lib/src/adf_kpss.c:426:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(dset->varname[v], "ydetrend");
data/gretl-2020e/lib/src/adf_kpss.c:631:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char pvstr[48];
data/gretl-2020e/lib/src/adf_kpss.c:632:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char taustr[16];
data/gretl-2020e/lib/src/adf_kpss.c:702:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(taustr, "tau");
data/gretl-2020e/lib/src/adf_kpss.c:968:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char datapath[FILENAME_MAX];
data/gretl-2020e/lib/src/adf_kpss.c:1066:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(dset->varname[v], "timesq");
data/gretl-2020e/lib/src/adf_kpss.c:1069:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(dset->varname[v], "time");
data/gretl-2020e/lib/src/adf_kpss.c:2675:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(dset->varname[k], "uhat");
data/gretl-2020e/lib/src/bootstrap.c:87:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char vname[VNAMELEN]; /* name of variable analysed */
data/gretl-2020e/lib/src/bootstrap.c:99:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char bs_vname[VNAMELEN];
data/gretl-2020e/lib/src/bootstrap.c:666:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(bs_vname, "F_test");
data/gretl-2020e/lib/src/bootstrap.c:669:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(bs_vname, "t_");
data/gretl-2020e/lib/src/bootstrap.c:671:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(bs_vname, "b_");
data/gretl-2020e/lib/src/bootstrap.c:748:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char label[48];
data/gretl-2020e/lib/src/bootstrap.c:756:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(label, _("bootstrap F-test"));
data/gretl-2020e/lib/src/bootstrap.c:758:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(label, _("bootstrap t-ratio"));
data/gretl-2020e/lib/src/bootstrap.c:760:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(label, _("bootstrap coefficient"));
data/gretl-2020e/lib/src/bootstrap.c:1736:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(bs->vname, "F-test");
data/gretl-2020e/lib/src/boxplots.c:35:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char varname[VNAMELEN];
data/gretl-2020e/lib/src/boxplots.c:60:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char xlabel[VNAMELEN];
data/gretl-2020e/lib/src/boxplots.c:61:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char ylabel[VNAMELEN];
data/gretl-2020e/lib/src/boxplots.c:229:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp[32];
data/gretl-2020e/lib/src/boxplots.c:231:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(tmp, "%#.5g - %#.5g", plt->conf[0], plt->conf[1]);
data/gretl-2020e/lib/src/boxplots.c:243:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char numstr[32] = "";
data/gretl-2020e/lib/src/boxplots.c:246:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(numstr, "%g", gretl_vector_get(grp->dvals, i));
data/gretl-2020e/lib/src/boxplots.c:248:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(numstr, "%d", grp->pan_min + i);
data/gretl-2020e/lib/src/boxplots.c:519:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(grp->xlabel, _("group"));
data/gretl-2020e/lib/src/boxplots.c:901:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char yname[VNAMELEN];
data/gretl-2020e/lib/src/boxplots.c:1025:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(gdset->varname[i+1], "%d", u1 + i);
data/gretl-2020e/lib/src/boxplots.c:1147:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char lq[16], uq[16];
data/gretl-2020e/lib/src/boxplots.c:1176:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char test[16];
data/gretl-2020e/lib/src/boxplots.c:1263:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char yvar[VNAMELEN];
data/gretl-2020e/lib/src/boxplots.c:1264:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char xvar[VNAMELEN];
data/gretl-2020e/lib/src/boxplots.c:1265:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char title[128];
data/gretl-2020e/lib/src/boxplots.c:1266:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fmt[16], tfmt[16], line[512];
data/gretl-2020e/lib/src/boxplots.c:1279:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(fmt, "%%%d[^\\\"]", VNAMELEN-1);
data/gretl-2020e/lib/src/boxplots.c:1280:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(tfmt, "%%%d[^\\\"]", 127);
data/gretl-2020e/lib/src/boxplots.c:1294:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    pan_min = atoi(line + 12);
data/gretl-2020e/lib/src/calendar.c:251:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(ret, "%04d-%02d-%02d", y, m, d);
data/gretl-2020e/lib/src/calendar.c:626:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(targ, "%d", y);
data/gretl-2020e/lib/src/calendar.c:628:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(targ, "%d:%02d", y, m);
data/gretl-2020e/lib/src/calendar.c:632:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(targ, "%d:%d", y, q);
data/gretl-2020e/lib/src/cmd_private.h:43:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char savename[MAXSAVENAME]; /* for object-saving mechanism */
data/gretl-2020e/lib/src/cmd_private.h:54:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char runfile[MAXLEN];
data/gretl-2020e/lib/src/compare.c:697:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char altparm[32] = {0};
data/gretl-2020e/lib/src/compare.c:777:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(altparm, "%g", x);
data/gretl-2020e/lib/src/compare.c:925:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(dset->varname[v], "uhat");
data/gretl-2020e/lib/src/compare.c:1413:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char pname[VNAMELEN];
data/gretl-2020e/lib/src/compare.c:1926:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(dset->varname[vs], "yhat^2");
data/gretl-2020e/lib/src/compare.c:1930:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(dset->varname[vc], "yhat^3");
data/gretl-2020e/lib/src/compare.c:2333:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(dset->varname[v], "uhat");
data/gretl-2020e/lib/src/compare.c:2340:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(dset->varname[lv], "uhat_%d", i);
data/gretl-2020e/lib/src/compare.c:2578:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(dset->varname[v], "splitdum");
data/gretl-2020e/lib/src/compare.c:2605:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(dset->varname[sv], "%.2s_", dset->varname[dumv]);
data/gretl-2020e/lib/src/compare.c:2607:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(dset->varname[sv], "sd_");
data/gretl-2020e/lib/src/compare.c:2976:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char datestr[OBSLEN];
data/gretl-2020e/lib/src/compare.c:3052:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char chowstr[VNAMELEN];
data/gretl-2020e/lib/src/compare.c:3393:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char cumdate[OBSLEN];
data/gretl-2020e/lib/src/compare.c:3600:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char tmp[16];
data/gretl-2020e/lib/src/compare.c:3602:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(tmp, "_%d", lag + 1);
data/gretl-2020e/lib/src/compare.c:3609:6:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	    strcat(dset->varname[k], "_1");
data/gretl-2020e/lib/src/compare.c:3773:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(dset->varname[v], "lever");
data/gretl-2020e/lib/src/compare.c:3790:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(dset->varname[v], "influ");
data/gretl-2020e/lib/src/compare.c:3817:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(dset->varname[v], "dffits");
data/gretl-2020e/lib/src/compat.c:71:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char word[32];
data/gretl-2020e/lib/src/compat.c:74:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(word, "%11g", x);
data/gretl-2020e/lib/src/compat.c:130:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char p[41][132];
data/gretl-2020e/lib/src/compat.c:131:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char word[32];
data/gretl-2020e/lib/src/compat.c:255:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(word, "%g", xmin);
data/gretl-2020e/lib/src/compat.c:268:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(word, "%g", xmax);
data/gretl-2020e/lib/src/compat.c:316:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char word[32], px[132];
data/gretl-2020e/lib/src/compat.c:317:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char s1[10], s2[10];
data/gretl-2020e/lib/src/compat.c:346:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(word, "x-min = %g", xmin);
data/gretl-2020e/lib/src/compat.c:350:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(word, "x-max = %g", xmax);
data/gretl-2020e/lib/src/compat.c:416:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(word, "xy-min = %g", xymin);
data/gretl-2020e/lib/src/compat.c:420:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(word, "xy-max = %g", xymax);
data/gretl-2020e/lib/src/compat.c:427:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(word, "        o-min = %g", ymin);
data/gretl-2020e/lib/src/compat.c:431:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(word, "o-max = %g", ymax);
data/gretl-2020e/lib/src/compat.c:436:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(word, "        x-min = %g", xmin);
data/gretl-2020e/lib/src/compat.c:440:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(word, "x-max = %g", xmax);
data/gretl-2020e/lib/src/csvdata.c:112:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char str[CSVSTRLEN];
data/gretl-2020e/lib/src/csvdata.c:113:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char skipstr[8];
data/gretl-2020e/lib/src/csvdata.c:182:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char import_na[8];
data/gretl-2020e/lib/src/csvdata.c:189:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char m_means_q[2]; /* array of "monthly means quarterly" flags */
data/gretl-2020e/lib/src/csvdata.c:520:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(dset->S[n-1], "NA");
data/gretl-2020e/lib/src/csvdata.c:794:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(targ, "%d", y);
data/gretl-2020e/lib/src/csvdata.c:796:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(targ, "%d:%02d", y, m);
data/gretl-2020e/lib/src/csvdata.c:798:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(targ, "%d:%d", y, m / 3 + (m % 3 != 0));
data/gretl-2020e/lib/src/csvdata.c:821:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char bad[16], skip[8];
data/gretl-2020e/lib/src/csvdata.c:822:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char label[OBSLEN];
data/gretl-2020e/lib/src/csvdata.c:906:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char label[OBSLEN];
data/gretl-2020e/lib/src/csvdata.c:911:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    yprev = atoi(dset->S[s]);
data/gretl-2020e/lib/src/csvdata.c:917:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    yr = atoi(label);
data/gretl-2020e/lib/src/csvdata.c:919:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    yr = atoi(dset->S[s]);
data/gretl-2020e/lib/src/csvdata.c:939:6:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	if (atoi(dset->S[t]) != 1) {
data/gretl-2020e/lib/src/csvdata.c:991:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *label, fmt[16];
data/gretl-2020e/lib/src/csvdata.c:996:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(fmt, "%%d%c%%d%c%%d", sep, sep);
data/gretl-2020e/lib/src/csvdata.c:998:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(fmt, "%4d%2d%2d");
data/gretl-2020e/lib/src/csvdata.c:1022:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp[OBSLEN];
data/gretl-2020e/lib/src/csvdata.c:1149:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    try = atoi(year);
data/gretl-2020e/lib/src/csvdata.c:1164:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char sub[3], *s = NULL;
data/gretl-2020e/lib/src/csvdata.c:1174:7:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		p = atoi(s);
data/gretl-2020e/lib/src/csvdata.c:1187:7:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		p = atoi(s);
data/gretl-2020e/lib/src/csvdata.c:1207:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		    sprintf(format, "%%d%cQ%%d", sep);
data/gretl-2020e/lib/src/csvdata.c:1209:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		    sprintf(format, "%%d%c%%d", sep);
data/gretl-2020e/lib/src/csvdata.c:1222:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char year[5], sub[3];
data/gretl-2020e/lib/src/csvdata.c:1223:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char format[8] = {0};
data/gretl-2020e/lib/src/csvdata.c:1233:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char altobs[OBSLEN];
data/gretl-2020e/lib/src/csvdata.c:1266:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		    s = atoi(sub + 1);
data/gretl-2020e/lib/src/csvdata.c:1269:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		    s = atoi(sub) / 3;
data/gretl-2020e/lib/src/csvdata.c:1290:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char d1[5], d2[5];
data/gretl-2020e/lib/src/csvdata.c:1298:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    ret = atoi(d1) > atoi(d2);
data/gretl-2020e/lib/src/csvdata.c:1298:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    ret = atoi(d1) > atoi(d2);
data/gretl-2020e/lib/src/csvdata.c:1322:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char c, tmp[8], *s;
data/gretl-2020e/lib/src/csvdata.c:1354:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf(tmp, "%d:%02d", y, p);
data/gretl-2020e/lib/src/csvdata.c:1356:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf(tmp, "%d:%d", y, p);
data/gretl-2020e/lib/src/csvdata.c:1399:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char m1[4] = {0};
data/gretl-2020e/lib/src/csvdata.c:1400:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char m2[4] = {0};
data/gretl-2020e/lib/src/csvdata.c:1406:8:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	yr1 = atoi(s1 + 4);
data/gretl-2020e/lib/src/csvdata.c:1407:8:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	yr2 = atoi(s2 + 4);
data/gretl-2020e/lib/src/csvdata.c:1424:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    yr1 = atoi(s + 4);
data/gretl-2020e/lib/src/csvdata.c:1448:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		yr1 = atoi(s + 4);
data/gretl-2020e/lib/src/csvdata.c:1453:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		    sprintf(dset->S[i], "%d:%02d", yr1, p);
data/gretl-2020e/lib/src/csvdata.c:1455:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		    sprintf(dset->S[i], "%d:%g", yr1, ceil((3+p)/4.0));
data/gretl-2020e/lib/src/csvdata.c:1473:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char endobs[OBSLEN];
data/gretl-2020e/lib/src/csvdata.c:1489:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(endobs, "%d", n);
data/gretl-2020e/lib/src/csvdata.c:1641:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char b[4];
data/gretl-2020e/lib/src/csvdata.c:1938:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp[VNAMELEN];
data/gretl-2020e/lib/src/csvdata.c:1999:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char field1[OBSLEN];
data/gretl-2020e/lib/src/csvdata.c:2396:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *test, tmp[CSVSTRLEN];
data/gretl-2020e/lib/src/csvdata.c:2497:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp[CSVSTRLEN], clean[CSVSTRLEN];
data/gretl-2020e/lib/src/csvdata.c:2755:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[VNAMELEN] = {0};
data/gretl-2020e/lib/src/csvdata.c:2771:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char screen[4];
data/gretl-2020e/lib/src/csvdata.c:2817:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(vname, "v%d", j);
data/gretl-2020e/lib/src/csvdata.c:2826:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(vname, "v%d", j);
data/gretl-2020e/lib/src/csvdata.c:2896:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(targ, "col[n]");
data/gretl-2020e/lib/src/csvdata.c:2898:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(targ, "col%d", k);
data/gretl-2020e/lib/src/csvdata.c:2946:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char okname[VNAMELEN];
data/gretl-2020e/lib/src/csvdata.c:2955:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(okname, "col%d", k);
data/gretl-2020e/lib/src/csvdata.c:3056:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(c->dset->varname[j], "col%d", j);
data/gretl-2020e/lib/src/csvdata.c:3875:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(c->dset->varname[i], "v%d", i);
data/gretl-2020e/lib/src/csvdata.c:3998:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char csvname[MAXLEN] = {0};
data/gretl-2020e/lib/src/csvdata.c:4291:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(targ, "%.16g", x);
data/gretl-2020e/lib/src/csvdata.c:4310:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char sconv[32];
data/gretl-2020e/lib/src/csvdata.c:4900:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char obs[OBSLEN];
data/gretl-2020e/lib/src/csvdata.c:5165:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char obs[12];
data/gretl-2020e/lib/src/csvdata.c:5172:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    *pk1 = atoi(obs);
data/gretl-2020e/lib/src/csvdata.c:5173:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    *pk2 = atoi(obs + 5);
data/gretl-2020e/lib/src/csvdata.c:5334:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char label[MAXLABEL];
data/gretl-2020e/lib/src/csvdata.c:5521:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char test[VNAMELEN];
data/gretl-2020e/lib/src/csvdata.c:5913:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char const *tmp[2] = {tconvfmt, tkeyfmt};
data/gretl-2020e/lib/src/csvdata.c:6662:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *cname, tmp[VNAMELEN];
data/gretl-2020e/lib/src/csvdata.c:6796:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char okeyname1[VNAMELEN] = {0};
data/gretl-2020e/lib/src/csvdata.c:6797:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char okeyname2[VNAMELEN] = {0};
data/gretl-2020e/lib/src/csvdata.c:6798:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tkeyfmt[32] = {0};
data/gretl-2020e/lib/src/dataio.c:243:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char test[OBSLEN];
data/gretl-2020e/lib/src/dataio.c:301:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char revs1[OBSLEN];
data/gretl-2020e/lib/src/dataio.c:307:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char revs2[OBSLEN];
data/gretl-2020e/lib/src/dataio.c:403:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    n = atoi(date) - atoi(dset->stobs);
data/gretl-2020e/lib/src/dataio.c:403:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    n = atoi(date) - atoi(dset->stobs);
data/gretl-2020e/lib/src/dataio.c:408:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char tmp[OBSLEN];
data/gretl-2020e/lib/src/dataio.c:427:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		maj0 = atoi(tmp);
data/gretl-2020e/lib/src/dataio.c:428:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		min0 = atoi(tmp + pos2 + 1);
data/gretl-2020e/lib/src/dataio.c:495:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(s, "%d:%0*d", i, d, j);
data/gretl-2020e/lib/src/dataio.c:536:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(datestr, "%d", (int) x);
data/gretl-2020e/lib/src/dataio.c:540:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(datestr, "%d", (int) x);
data/gretl-2020e/lib/src/dataio.c:550:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(datestr, "%d", (int) x);
data/gretl-2020e/lib/src/dataio.c:554:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fmt[10];
data/gretl-2020e/lib/src/dataio.c:557:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(fmt, "%%.%df", len);
data/gretl-2020e/lib/src/dataio.c:581:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(datestr, "%d-01-01", yr);
data/gretl-2020e/lib/src/dataio.c:587:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(datestr, "%d-01-01", maj);
data/gretl-2020e/lib/src/dataio.c:591:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(datestr, "%d-%02d-01", maj, min);
data/gretl-2020e/lib/src/dataio.c:596:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(datestr, "%d-%02d-01", maj, mo);
data/gretl-2020e/lib/src/dataio.c:637:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char datestr[12];
data/gretl-2020e/lib/src/dataio.c:675:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *s, numstr[64];
data/gretl-2020e/lib/src/dataio.c:698:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(numstr, "%.*f", p, fabs(x[t]));
data/gretl-2020e/lib/src/dataio.c:897:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char obs[OBSLEN];
data/gretl-2020e/lib/src/dataio.c:902:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	*maj = atoi(obs);
data/gretl-2020e/lib/src/dataio.c:918:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    *min = atoi(s + 1);
data/gretl-2020e/lib/src/dataio.c:934:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp[TMPLEN];
data/gretl-2020e/lib/src/dataio.c:985:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
			strcpy(tmp, "\"NA\"");
data/gretl-2020e/lib/src/dataio.c:988:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		    sprintf(tmp, "\"%d\"", (int) xt);
data/gretl-2020e/lib/src/dataio.c:990:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		    sprintf(tmp, "%.*g", digits, xt);
data/gretl-2020e/lib/src/dataio.c:1087:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char datfile[MAXLEN];
data/gretl-2020e/lib/src/dataio.c:1223:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char datestr[OBSLEN];
data/gretl-2020e/lib/src/dataio.c:1515:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(dset->varname[1], "index");
data/gretl-2020e/lib/src/dataio.c:1903:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    int k0 = atoi(d2->S[0]);
data/gretl-2020e/lib/src/dataio.c:1912:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		    } else if ((k1 = atoi(d2->S[i])) != k0 + 1) {
data/gretl-2020e/lib/src/dataio.c:1920:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		*offset = atoi(d2->S[0]) - 1;
data/gretl-2020e/lib/src/dataio.c:2289:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char obs[OBSLEN];
data/gretl-2020e/lib/src/dataio.c:2507:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[128], marker[32];
data/gretl-2020e/lib/src/dataio.c:2741:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[1024];
data/gretl-2020e/lib/src/dataio.c:2938:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char nstr[12];
data/gretl-2020e/lib/src/dataio.c:2944:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(nstr, "%d", nnum);
data/gretl-2020e/lib/src/dataio.c:2952:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(name, "v%d", v);
data/gretl-2020e/lib/src/dataio.c:3011:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp[8], fmt[16], name[32];
data/gretl-2020e/lib/src/dataio.c:3126:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(fmt, "# name: %%%ds", VNAMELEN - 1);
data/gretl-2020e/lib/src/dataio.c:3349:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char test[128] = {0};
data/gretl-2020e/lib/src/dataio.c:3390:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char test[3] = {0};
data/gretl-2020e/lib/src/dataio.c:3622:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(targ, "v%d", k);
data/gretl-2020e/lib/src/dataio.c:3625:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(targ, "v%d", k);
data/gretl-2020e/lib/src/dataio.c:3628:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(targ, "v%d", k);
data/gretl-2020e/lib/src/dataio.c:3692:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tstr[48];
data/gretl-2020e/lib/src/dataio.c:3730:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
		strcat(dset->descrip, "\n\n");
data/gretl-2020e/lib/src/dataio.c:3782:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char datestr[OBSLEN];
data/gretl-2020e/lib/src/dataset.c:36:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char display_name[MAXDISP];
data/gretl-2020e/lib/src/dataset.c:37:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char parent[VNAMELEN];
data/gretl-2020e/lib/src/dataset.c:263:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(dset->endobs, "%d", dset->n);
data/gretl-2020e/lib/src/dataset.c:455:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(dset->varname[0], "const");
data/gretl-2020e/lib/src/dataset.c:987:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(dset->S[t], "%d", t + 1);
data/gretl-2020e/lib/src/dataset.c:1103:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(vtmp + j*newT, utmp, usz);
data/gretl-2020e/lib/src/dataset.c:1118:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		    sprintf(S[k], "%d:%d", j+1, t+1);
data/gretl-2020e/lib/src/dataset.c:1201:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(dset->S[pos], "%d", pos + 1);
data/gretl-2020e/lib/src/dataset.c:1876:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char vname[VNAMELEN] = {0};
data/gretl-2020e/lib/src/dataset.c:2158:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char vname[VNAMELEN];
data/gretl-2020e/lib/src/dataset.c:2379:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		    memcpy(newset->Z[k], dset->Z[i], ssize);
data/gretl-2020e/lib/src/dataset.c:2875:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fmt[8];
data/gretl-2020e/lib/src/dataset.c:2877:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(fmt, "%%%d[^)]", VNAMELEN-1);
data/gretl-2020e/lib/src/dataset.c:2905:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fmt[16];
data/gretl-2020e/lib/src/dataset.c:2907:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(fmt, "= log of %%%ds", VNAMELEN-1);
data/gretl-2020e/lib/src/dataset.c:3080:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char test[32];
data/gretl-2020e/lib/src/dataset.c:3296:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char vname[VNAMELEN];
data/gretl-2020e/lib/src/dataset.c:4504:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char bit[16];
data/gretl-2020e/lib/src/dataset.c:4507:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(bit, "%d=", i+1);
data/gretl-2020e/lib/src/dataset.c:4511:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
		strcat(tmp, ", ");
data/gretl-2020e/lib/src/dataset.c:4992:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char datestr[OBSLEN];
data/gretl-2020e/lib/src/dataset.c:5460:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char targ1[VNAMELEN];
data/gretl-2020e/lib/src/dataset.c:5461:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char targ2[VNAMELEN];
data/gretl-2020e/lib/src/dbnread.c:247:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(Z[1], sinfo->data, sinfo->nobs * sizeof(double));
data/gretl-2020e/lib/src/dbread.c:93:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char series_name[NAMELENGTH];  /* Series name */
data/gretl-2020e/lib/src/dbread.c:103:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char series_class[NAMELENGTH]; /* Series class. Not used, blank */
data/gretl-2020e/lib/src/dbread.c:104:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char comments[RATSCOMMENTS][RATSCOMMENTLENGTH];
data/gretl-2020e/lib/src/dbread.c:105:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char pad[10];
data/gretl-2020e/lib/src/dbread.c:114:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char saved_db_name[MAXLEN];
data/gretl-2020e/lib/src/dbread.c:136:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char dbbin[MAXLEN];
data/gretl-2020e/lib/src/dbread.c:142:6:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	    strcat(dbbin, ".bin");
data/gretl-2020e/lib/src/dbread.c:146:6:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	    strcat(dbbin, ".bn7");
data/gretl-2020e/lib/src/dbread.c:175:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char numstr[32];
data/gretl-2020e/lib/src/dbread.c:192:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(numstr, "%.7g", (double) x); /* N.B. converting a float */
data/gretl-2020e/lib/src/dbread.c:247:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&(nf.frac), getbuf + offset, sizeof nf.frac);
data/gretl-2020e/lib/src/dbread.c:249:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&(nf.exp), getbuf + offset, sizeof nf.exp);
data/gretl-2020e/lib/src/dbread.c:254:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&x, getbuf + offset, sizeof x);
data/gretl-2020e/lib/src/dbread.c:377:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char dbbase[FILENAME_MAX];
data/gretl-2020e/lib/src/dbread.c:378:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fname[FILENAME_MAX];
data/gretl-2020e/lib/src/dbread.c:394:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(fname, ".idx");
data/gretl-2020e/lib/src/dbread.c:414:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(fname, ".bin");
data/gretl-2020e/lib/src/dbread.c:454:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(fname + strlen(fname) - 3, "idx");
data/gretl-2020e/lib/src/dbread.c:467:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char vname[VNAMELEN], l2[72];
data/gretl-2020e/lib/src/dbread.c:497:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[256];
data/gretl-2020e/lib/src/dbread.c:532:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char sername[VNAMELEN];
data/gretl-2020e/lib/src/dbread.c:534:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char s1[1024], s2[72];
data/gretl-2020e/lib/src/dbread.c:535:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char stobs[OBSLEN], endobs[OBSLEN];
data/gretl-2020e/lib/src/dbread.c:646:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(sinfo->stobs, "%d", y0);
data/gretl-2020e/lib/src/dbread.c:647:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(sinfo->endobs, "%d", y1);
data/gretl-2020e/lib/src/dbread.c:652:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(sinfo->stobs, "%d:%d", y0, p0);
data/gretl-2020e/lib/src/dbread.c:653:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(sinfo->endobs, "%d:%d", y1, p1);
data/gretl-2020e/lib/src/dbread.c:655:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(sinfo->stobs, "%d:%02d", y0, p0);
data/gretl-2020e/lib/src/dbread.c:656:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(sinfo->endobs, "%d:%02d", y1, p1);
data/gretl-2020e/lib/src/dbread.c:668:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char dbidx[MAXLEN];
data/gretl-2020e/lib/src/dbread.c:669:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[1024];
data/gretl-2020e/lib/src/dbread.c:670:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fmt[24];
data/gretl-2020e/lib/src/dbread.c:679:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(p, ".in7");
data/gretl-2020e/lib/src/dbread.c:681:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(dbidx, ".in7");
data/gretl-2020e/lib/src/dbread.c:694:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(fmt, "%%%ds %%d %%d %%d %%d %%d %%d", VNAMELEN - 1);
data/gretl-2020e/lib/src/dbread.c:759:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(datestr, "%d", endyr);
data/gretl-2020e/lib/src/dbread.c:761:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(datestr, "%d.%d", endyr, endfrac);
data/gretl-2020e/lib/src/dbread.c:763:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(datestr, "%d.%02d", endyr, endfrac);
data/gretl-2020e/lib/src/dbread.c:807:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char pdstr[8] = {0};
data/gretl-2020e/lib/src/dbread.c:814:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(sinfo->stobs, "%d", dinfo->year);
data/gretl-2020e/lib/src/dbread.c:817:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(pdstr, ".%d", dinfo->month);
data/gretl-2020e/lib/src/dbread.c:828:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(pdstr, ".%02d", dinfo->month);
data/gretl-2020e/lib/src/dbread.c:870:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(sinfo->stobs, "%d.%d", y0, p0);
data/gretl-2020e/lib/src/dbread.c:871:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(sinfo->endobs, "%d.%d", y1, p1);
data/gretl-2020e/lib/src/dbread.c:873:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(sinfo->stobs, "%d.%02d", y0, p0);
data/gretl-2020e/lib/src/dbread.c:874:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(sinfo->endobs, "%d.%02d", y1, p1);
data/gretl-2020e/lib/src/dbread.c:876:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(sinfo->stobs, "%d", y0);
data/gretl-2020e/lib/src/dbread.c:877:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(sinfo->endobs, "%d", y1);
data/gretl-2020e/lib/src/dbread.c:1139:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[1024];
data/gretl-2020e/lib/src/dbread.c:1140:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char sname[VNAMELEN];
data/gretl-2020e/lib/src/dbread.c:1141:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char desc[MAXLABEL];
data/gretl-2020e/lib/src/dbread.c:1142:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fmt[24];
data/gretl-2020e/lib/src/dbread.c:1148:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(fmt, "%%%ds %%d %%d %%d %%d %%d %%d", VNAMELEN - 1);
data/gretl-2020e/lib/src/dbread.c:1190:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[1024];
data/gretl-2020e/lib/src/dbread.c:1191:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char sname[VNAMELEN];
data/gretl-2020e/lib/src/dbread.c:1192:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fmt[24];
data/gretl-2020e/lib/src/dbread.c:1197:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(fmt, "%%%ds %%d %%d %%d %%d %%d %%d", VNAMELEN - 1);
data/gretl-2020e/lib/src/dbread.c:1554:7:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	y0 = atoi(stobs);
data/gretl-2020e/lib/src/dbread.c:1555:7:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	p0 = atoi(stobs + 5);
data/gretl-2020e/lib/src/dbread.c:1560:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(stobs, "%d", y0);
data/gretl-2020e/lib/src/dbread.c:1566:7:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	y0 = atoi(stobs);
data/gretl-2020e/lib/src/dbread.c:1567:7:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	p0 = atoi(stobs + 5);
data/gretl-2020e/lib/src/dbread.c:1575:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(stobs, "%d.%d", y0, q0);
data/gretl-2020e/lib/src/dbread.c:1613:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char new_stobs[OBSLEN] = {0};
data/gretl-2020e/lib/src/dbread.c:1649:6:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	    strcat(new_stobs, ":1");
data/gretl-2020e/lib/src/dbread.c:1651:6:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	    strcat(new_stobs, ":01");
data/gretl-2020e/lib/src/dbread.c:1662:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(new_stobs, "%d:%02d", yr, mo);
data/gretl-2020e/lib/src/dbread.c:1766:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char needle[12];
data/gretl-2020e/lib/src/dbread.c:1945:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char comp[8];
data/gretl-2020e/lib/src/dbread.c:2172:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char vname[VNAMELEN];
data/gretl-2020e/lib/src/dbread.c:2255:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char obsstr[OBSLEN] = {0};
data/gretl-2020e/lib/src/dbread.c:2260:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(obsstr, "%04d:%d", y, m2q(m));
data/gretl-2020e/lib/src/dbread.c:2262:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(obsstr, "%04d:%02d", y, m);
data/gretl-2020e/lib/src/dbread.c:2264:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(obsstr, "%04d", y);
data/gretl-2020e/lib/src/dbread.c:2277:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char label[MAXLABEL];
data/gretl-2020e/lib/src/dbread.c:2312:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(label, "ODBC series %d", i + 1);
data/gretl-2020e/lib/src/dbread.c:2681:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char altname[VNAMELEN] = {0};
data/gretl-2020e/lib/src/dbread.c:2804:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(fname, ".XXXXXX");
data/gretl-2020e/lib/src/dbread.c:2826:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char src1[FILENAME_MAX];
data/gretl-2020e/lib/src/dbread.c:2827:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char src2[FILENAME_MAX];
data/gretl-2020e/lib/src/dbread.c:2828:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp1[FILENAME_MAX];
data/gretl-2020e/lib/src/dbread.c:2829:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp2[FILENAME_MAX];
data/gretl-2020e/lib/src/dbread.c:2830:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char series[VNAMELEN];
data/gretl-2020e/lib/src/dbread.c:2831:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *p, s[512];
data/gretl-2020e/lib/src/dbread.c:2858:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(tmp1, "tmpidx");
data/gretl-2020e/lib/src/dbread.c:2865:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(tmp2, "tmpbin");
data/gretl-2020e/lib/src/dbread.c:2991:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    *y = atoi(obs);
data/gretl-2020e/lib/src/dbread.c:2995:7:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	*m = atoi(obs + 5);
data/gretl-2020e/lib/src/dbread.c:2997:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	int q = atoi(obs + 5);
data/gretl-2020e/lib/src/dbread.c:3500:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char obs[12];
data/gretl-2020e/lib/src/dbread.c:3535:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char obs[OBSLEN];
data/gretl-2020e/lib/src/dbread.c:3626:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char label[MAXLABEL];
data/gretl-2020e/lib/src/dbread.c:3671:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(cset->stobs, "%d:%02d", startyr, startper);
data/gretl-2020e/lib/src/dbread.c:3672:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(cset->endobs, "%d:%02d", endyr, endper);
data/gretl-2020e/lib/src/dbread.c:3674:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(cset->stobs, "%d:%d", startyr, startper);
data/gretl-2020e/lib/src/dbread.c:3675:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(cset->endobs, "%d:%d", endyr, endper);
data/gretl-2020e/lib/src/dbread.c:3706:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char sfx[16];
data/gretl-2020e/lib/src/dbread.c:3721:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(sfx, "_d%02d", compfac - j);
data/gretl-2020e/lib/src/dbread.c:3766:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char sfx[16];
data/gretl-2020e/lib/src/dbread.c:3767:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char label[MAXLABEL];
data/gretl-2020e/lib/src/dbread.c:3808:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(cset->stobs, "%d", startmaj);
data/gretl-2020e/lib/src/dbread.c:3809:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(cset->endobs, "%d", endmaj);
data/gretl-2020e/lib/src/dbread.c:3813:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(cset->stobs, "%d:%d", startmaj, q0);
data/gretl-2020e/lib/src/dbread.c:3814:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(cset->endobs, "%d:%d", endmaj, qT);
data/gretl-2020e/lib/src/dbread.c:3875:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(sfx, "_m%d", compfac - j);
data/gretl-2020e/lib/src/dbread.c:3879:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(sfx, "_m%02d", compfac - j);
data/gretl-2020e/lib/src/dbread.c:3882:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(sfx, "_q%d", compfac - j);
data/gretl-2020e/lib/src/dbread.c:4324:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char obsstr[OBSLEN];
data/gretl-2020e/lib/src/dbread.c:4409:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char obsstr[OBSLEN];
data/gretl-2020e/lib/src/dbread.c:4490:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(dset->stobs, "%04d:%02d", startyr, startmon);
data/gretl-2020e/lib/src/dbread.c:4491:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(dset->endobs, "%04d:%02d", endyr, endmon);
data/gretl-2020e/lib/src/dbread.c:4519:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char obs[OBSLEN];
data/gretl-2020e/lib/src/dbread.c:4642:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(dset->stobs, "%04d:%02d", startyr, startmon);
data/gretl-2020e/lib/src/dbread.c:4643:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(dset->endobs, "%04d:%02d", endyr, endmon);
data/gretl-2020e/lib/src/dbread.c:4818:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char stobs[OBSLEN];
data/gretl-2020e/lib/src/dbread.c:4902:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(stobs, "%d", startmaj);
data/gretl-2020e/lib/src/dbread.c:4988:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char stobs[OBSLEN];
data/gretl-2020e/lib/src/dbread.c:5023:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(x, dset->Z[i], sz);
data/gretl-2020e/lib/src/dbread.c:5037:6:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	    strcat(stobs, ":1");
data/gretl-2020e/lib/src/dbread.c:5039:6:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	    strcat(stobs, ":01");
data/gretl-2020e/lib/src/dbread.c:5047:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(stobs, "%d:%02d", yr, mo);
data/gretl-2020e/lib/src/dbread.h:43:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char varname[VNAMELEN];
data/gretl-2020e/lib/src/dbread.h:46:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char stobs[OBSLEN];
data/gretl-2020e/lib/src/dbread.h:47:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char endobs[OBSLEN];
data/gretl-2020e/lib/src/dbread.h:71:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char coltypes[ODBC_OBSCOLS];
data/gretl-2020e/lib/src/dbwrite.c:71:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[256];
data/gretl-2020e/lib/src/dbwrite.c:188:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char stobs[OBSLEN], endobs[OBSLEN];
data/gretl-2020e/lib/src/dbwrite.c:349:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char idxcpy[FILENAME_MAX];
data/gretl-2020e/lib/src/dbwrite.c:350:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char bincpy[FILENAME_MAX];
data/gretl-2020e/lib/src/dbwrite.c:353:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(idxcpy, ".cpy");
data/gretl-2020e/lib/src/dbwrite.c:356:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(bincpy, ".cpy");
data/gretl-2020e/lib/src/dbwrite.c:366:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char line1[256], line2[256];
data/gretl-2020e/lib/src/dbwrite.c:484:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char base[FILENAME_MAX];
data/gretl-2020e/lib/src/dbwrite.c:485:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char imode[3] = "w";
data/gretl-2020e/lib/src/dbwrite.c:486:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char bmode[3] = "wb";
data/gretl-2020e/lib/src/dbwrite.c:496:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(idxname, ".idx");
data/gretl-2020e/lib/src/dbwrite.c:504:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(bmode, "ab");
data/gretl-2020e/lib/src/dbwrite.c:515:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(binname, ".bin");
data/gretl-2020e/lib/src/dbwrite.c:599:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char idxname[FILENAME_MAX];
data/gretl-2020e/lib/src/dbwrite.c:600:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char binname[FILENAME_MAX];
data/gretl-2020e/lib/src/describe.c:3919:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char crit_string[16];
data/gretl-2020e/lib/src/describe.c:3920:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char title[128];
data/gretl-2020e/lib/src/describe.c:3929:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(crit_string, "%.2f/T^%.1f", 1.96, 0.5);
data/gretl-2020e/lib/src/describe.c:4537:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char xstr[32];
data/gretl-2020e/lib/src/describe.c:4573:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(xstr, "%#.5g", dt);
data/gretl-2020e/lib/src/describe.c:5008:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char date1[OBSLEN], date2[OBSLEN];
data/gretl-2020e/lib/src/describe.c:5040:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fmt[32];
data/gretl-2020e/lib/src/describe.c:5057:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    const char *labels[NSUMM] = {
data/gretl-2020e/lib/src/describe.c:5085:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char obs1[OBSLEN], obs2[OBSLEN];
data/gretl-2020e/lib/src/describe.c:5098:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				      atoi(vname), mname, s->n);
data/gretl-2020e/lib/src/describe.c:5101:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				      atoi(vname), s->n);
data/gretl-2020e/lib/src/describe.c:5185:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char vname[NAMETRUNC];
data/gretl-2020e/lib/src/describe.c:6489:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char date1[OBSLEN], date2[OBSLEN], tmp[96];
data/gretl-2020e/lib/src/describe.c:6501:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(tmp, _("(missing values were skipped)"));
data/gretl-2020e/lib/src/describe.c:6506:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(tmp, _("5%% critical value (two-tailed) = "
data/gretl-2020e/lib/src/describe.c:6880:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(dset->varname[v], "mdist");
data/gretl-2020e/lib/src/describe.h:48:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char varname[VNAMELEN];  /* for ID purposes */
data/gretl-2020e/lib/src/describe.h:66:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char rvarname[VNAMELEN]; /* name of rows series */
data/gretl-2020e/lib/src/describe.h:67:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char cvarname[VNAMELEN]; /* name of cols series */
data/gretl-2020e/lib/src/discrete.c:889:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[16];
data/gretl-2020e/lib/src/discrete.c:897:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(tmp, "cut%d", s++);
data/gretl-2020e/lib/src/estimate.c:278:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(dset->varname[vi], "eps");
data/gretl-2020e/lib/src/estimate.c:288:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(dset->varname[vi], "%.6s_r", dset->varname[vm]);
data/gretl-2020e/lib/src/estimate.c:322:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(dset->varname[vi], "uhat_1");
data/gretl-2020e/lib/src/estimate.c:557:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char t1s[OBSLEN], t2s[OBSLEN];
data/gretl-2020e/lib/src/estimate.c:589:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char parent[VNAMELEN];
data/gretl-2020e/lib/src/estimate.c:2111:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char num[8];
data/gretl-2020e/lib/src/estimate.c:2114:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(num, "%.1f", 100 * r);
data/gretl-2020e/lib/src/estimate.c:2115:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    k = atoi(num);
data/gretl-2020e/lib/src/estimate.c:2495:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf(dset->varname[vnew], "X%d_X%d", i-1, j-1);
data/gretl-2020e/lib/src/estimate.c:2885:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(dset->varname[newv+1], "yhat^2");
data/gretl-2020e/lib/src/estimate.c:3128:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(dset->varname[v], "uhatsq");
data/gretl-2020e/lib/src/estimate.c:3622:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(names[i], "alpha(%d)", i);
data/gretl-2020e/lib/src/estimate.c:3867:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(dset->varname[k], "utsq");
data/gretl-2020e/lib/src/estimate.c:3879:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(dset->varname[k], "utsq_%d", i);
data/gretl-2020e/lib/src/estimate.c:3909:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(dset->varname[nwt], "1/sigma");
data/gretl-2020e/lib/src/estimate.c:4091:7:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		n = atoi(p + 6);
data/gretl-2020e/lib/src/flow_control.c:203:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static unsigned char T[IF_DEPTH];
data/gretl-2020e/lib/src/flow_control.c:204:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static unsigned char tok[IF_DEPTH];
data/gretl-2020e/lib/src/flow_control.c:205:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static unsigned char got_T[IF_DEPTH];
data/gretl-2020e/lib/src/forecast.c:409:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(fr->depvar, "implicit y");
data/gretl-2020e/lib/src/forecast.c:705:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(fc->val, fc->val + fc->rows, sz);
data/gretl-2020e/lib/src/forecast.c:737:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char obsstr[OBSLEN];
data/gretl-2020e/lib/src/forecast.c:1190:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char formula[MAXLINE];
data/gretl-2020e/lib/src/forecast.c:1277:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(dset->Z[yno], y, dset->n * sizeof *y);
data/gretl-2020e/lib/src/forecast.c:1313:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char formula[MAXLINE];
data/gretl-2020e/lib/src/forecast.c:1384:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(dset->Z[yno], y, dset->n * sizeof *y);
data/gretl-2020e/lib/src/forecast.c:2021:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char obsstr[OBSLEN];
data/gretl-2020e/lib/src/forecast.c:2120:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		    char obsstr[OBSLEN];
data/gretl-2020e/lib/src/forecast.c:3080:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char f[4][32] = {0};
data/gretl-2020e/lib/src/forecast.c:3596:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char vname[VNAMELEN];
data/gretl-2020e/lib/src/forecast.c:3753:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char vname[VNAMELEN];
data/gretl-2020e/lib/src/forecast.h:55:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char depvar[VNAMELEN]; /* name of dependent variable */
data/gretl-2020e/lib/src/geneval.c:2498:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(targ, ret->v.xvec, nb);
data/gretl-2020e/lib/src/geneval.c:2985:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(m->val, x + p->dset->t1, T * sizeof *x);
data/gretl-2020e/lib/src/geneval.c:4460:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[1024];
data/gretl-2020e/lib/src/geneval.c:8199:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buf[64] = {0};
data/gretl-2020e/lib/src/geneval.c:9315:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(ret->v.m->val, m->val, msize);
data/gretl-2020e/lib/src/geneval.c:12472:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char const *S[3] = {NULL};
data/gretl-2020e/lib/src/geneval.c:13155:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char freemat[2] = {0};
data/gretl-2020e/lib/src/geneval.c:15281:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char obs[12];
data/gretl-2020e/lib/src/geneval.c:15862:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char msg[256];
data/gretl-2020e/lib/src/geneval.c:15867:9:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
        strcat(msg, " but name look-up failed");
data/gretl-2020e/lib/src/geneval.c:18021:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char opstr[4] = {0};
data/gretl-2020e/lib/src/geneval.c:18476:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char opstr[3] = {0};
data/gretl-2020e/lib/src/geneval.c:18731:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(v->val, x + t1, n * sizeof *x);
data/gretl-2020e/lib/src/geneval.c:19700:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		    memcpy(Z[v] + p->dset->t1, x + p->dset->t1, sz);
data/gretl-2020e/lib/src/genfuncs.c:2671:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(y, x, T * sizeof *y);
data/gretl-2020e/lib/src/genfuncs.c:2904:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char dname[VNAMELEN];
data/gretl-2020e/lib/src/genfuncs.c:2908:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(dname, "du_%d", i + 1);
data/gretl-2020e/lib/src/genfuncs.c:2915:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(dname, "dt_%d", i + 1);
data/gretl-2020e/lib/src/genfuncs.c:2932:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(vname, "S%d", k);
data/gretl-2020e/lib/src/genfuncs.c:2933:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(vlabel, "centered periodic dummy");
data/gretl-2020e/lib/src/genfuncs.c:2935:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(vname, "S%d", k);
data/gretl-2020e/lib/src/genfuncs.c:2936:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(vlabel, "uncentered periodic dummy");
data/gretl-2020e/lib/src/genfuncs.c:2938:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(vname, "dq%d", k);
data/gretl-2020e/lib/src/genfuncs.c:2939:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(vlabel, _("= 1 if quarter = %d, 0 otherwise"), k);
data/gretl-2020e/lib/src/genfuncs.c:2941:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(vname, "dm%d", k);
data/gretl-2020e/lib/src/genfuncs.c:2942:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(vlabel, _("= 1 if month = %d, 0 otherwise"), k);
data/gretl-2020e/lib/src/genfuncs.c:2944:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dumstr[8] = "dummy_";
data/gretl-2020e/lib/src/genfuncs.c:2945:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char numstr[12];
data/gretl-2020e/lib/src/genfuncs.c:2948:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(numstr, "%d", k);
data/gretl-2020e/lib/src/genfuncs.c:2976:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char vname[VNAMELEN];
data/gretl-2020e/lib/src/genfuncs.c:2977:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char vlabel[MAXLABEL];
data/gretl-2020e/lib/src/genfuncs.c:3093:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char datestr[OBSLEN];
data/gretl-2020e/lib/src/genfuncs.c:3128:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char datestr[OBSLEN];
data/gretl-2020e/lib/src/genfuncs.c:3233:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char vname[16], label[MAXLABEL];
data/gretl-2020e/lib/src/genfuncs.c:3289:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(vname, "dt_%d", vi);
data/gretl-2020e/lib/src/genfuncs.c:3320:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(vname, "du_%d", vi);
data/gretl-2020e/lib/src/genfuncs.c:3372:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(dset->varname[i], "unit");
data/gretl-2020e/lib/src/genfuncs.c:3401:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *p, obs[OBSLEN];
data/gretl-2020e/lib/src/genfuncs.c:3406:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    if (p != NULL && atoi(p + 1) == 1) {
data/gretl-2020e/lib/src/genfuncs.c:3457:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(dset->varname[v], "time");
data/gretl-2020e/lib/src/genfuncs.c:3460:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(dset->varname[v], "index");
data/gretl-2020e/lib/src/genfuncs.c:3495:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char datestr[OBSLEN];
data/gretl-2020e/lib/src/genfuncs.c:3508:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(dset->varname[i], "weekday");
data/gretl-2020e/lib/src/genfuncs.c:3732:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char datestr[OBSLEN];
data/gretl-2020e/lib/src/genfuncs.c:3839:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(vname, "uhat%d", pmod->ID);
data/gretl-2020e/lib/src/genfuncs.c:3841:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(vlabel, _("standardized residual from model %d"), pmod->ID);
data/gretl-2020e/lib/src/genfuncs.c:3843:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(vlabel, _("residual from model %d"), pmod->ID);
data/gretl-2020e/lib/src/genfuncs.c:3846:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(vname, "yhat%d", pmod->ID);
data/gretl-2020e/lib/src/genfuncs.c:3847:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(vlabel, _("fitted value from model %d"), pmod->ID);
data/gretl-2020e/lib/src/genfuncs.c:3850:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(vname, "usq%d", pmod->ID);
data/gretl-2020e/lib/src/genfuncs.c:3852:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(vlabel, _("squared standardized residual from model %d"), pmod->ID);
data/gretl-2020e/lib/src/genfuncs.c:3854:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(vlabel, _("squared residual from model %d"), pmod->ID);
data/gretl-2020e/lib/src/genfuncs.c:3858:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(vname, "h%d", pmod->ID);
data/gretl-2020e/lib/src/genfuncs.c:3859:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(vlabel, _("fitted variance from model %d"), pmod->ID);
data/gretl-2020e/lib/src/genfuncs.c:3861:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(vname, "ahat%d", pmod->ID);
data/gretl-2020e/lib/src/genfuncs.c:3863:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(vlabel, _("individual effects from model %d"), pmod->ID);
data/gretl-2020e/lib/src/genfuncs.c:3865:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(vlabel, _("per-unit constants from model %d"), pmod->ID);
data/gretl-2020e/lib/src/genfuncs.c:3887:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char vname[VNAMELEN], vlabel[MAXLABEL];
data/gretl-2020e/lib/src/genfuncs.c:3911:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char test[OBSLEN];
data/gretl-2020e/lib/src/genfuncs.c:3947:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char datestr[OBSLEN];
data/gretl-2020e/lib/src/genfuncs.c:3973:6:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	t = atoi(obs) - 1; /* convert from 1-based to 0-based */
data/gretl-2020e/lib/src/genfuncs.c:3995:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char obs[OBSLEN+2];
data/gretl-2020e/lib/src/genfuncs.c:4024:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char try[16];
data/gretl-2020e/lib/src/genfuncs.c:4026:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(try, "%d", t);
data/gretl-2020e/lib/src/genfuncs.c:5145:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char rname[32];
data/gretl-2020e/lib/src/genfuncs.c:5208:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char vname[VNAMELEN];
data/gretl-2020e/lib/src/genfuncs.c:5243:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char label[MAXLABEL];
data/gretl-2020e/lib/src/genfuncs.c:7455:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char obstr[8];
data/gretl-2020e/lib/src/genfuncs.c:7460:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(obstr, "%.1f", sd0 - yr);
data/gretl-2020e/lib/src/genfuncs.c:7461:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	mo = 1 + (atoi(obstr + 2) - 1) * 3;
data/gretl-2020e/lib/src/genfuncs.c:7465:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(obstr, "%.2f", sd0 - yr);
data/gretl-2020e/lib/src/genfuncs.c:7466:7:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	mo = atoi(obstr + 2);
data/gretl-2020e/lib/src/genfuncs.c:7501:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char datestr[16];
data/gretl-2020e/lib/src/genfuncs.c:7526:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char datestr[16];
data/gretl-2020e/lib/src/genfuncs.c:7589:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(dest, x, bytes);
data/gretl-2020e/lib/src/genfuncs.c:7759:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(obs1, "%d", ymd1[0]);
data/gretl-2020e/lib/src/genfuncs.c:7760:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(obs2, "%d", ymd2[0]);
data/gretl-2020e/lib/src/genfuncs.c:7770:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(obs1, "%d:%d", ymd1[0], 1 + (m1-1)/3);
data/gretl-2020e/lib/src/genfuncs.c:7771:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(obs2, "%d:%d", ymd2[0], 1 + (m2-1)/3);
data/gretl-2020e/lib/src/genfuncs.c:7780:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(obs1, "%d:%02d", ymd1[0], m1);
data/gretl-2020e/lib/src/genfuncs.c:7781:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(obs2, "%d:%02d", ymd2[0], m2);
data/gretl-2020e/lib/src/genfuncs.c:7791:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char obs1[16], obs2[16];
data/gretl-2020e/lib/src/genlex.c:1294:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char test[12];
data/gretl-2020e/lib/src/genlex.c:1328:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char word[OBSLEN + 2] = {0};
data/gretl-2020e/lib/src/genlex.c:1687:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char chk[2] = {p->ch, '\0'};
data/gretl-2020e/lib/src/genlex.c:1823:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char word[32];
data/gretl-2020e/lib/src/genlex.c:1956:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char xstr[NUMLEN] = {0};
data/gretl-2020e/lib/src/genmain.c:146:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char vname[VNAMELEN];
data/gretl-2020e/lib/src/genmain.c:147:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fmt[16];
data/gretl-2020e/lib/src/genmain.c:170:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(fmt, "%%%d[^ ()](%%d)", VNAMELEN-1);
data/gretl-2020e/lib/src/genmain.c:225:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char tmp[MAXLABEL];
data/gretl-2020e/lib/src/genmain.c:229:6:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	    strcat(tmp, "...");
data/gretl-2020e/lib/src/genmain.c:251:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char word[9];
data/gretl-2020e/lib/src/genmain.c:358:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char vname[VNAMELEN];
data/gretl-2020e/lib/src/genmain.c:359:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char lname[VNAMELEN];
data/gretl-2020e/lib/src/genmain.c:360:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fmt[16];
data/gretl-2020e/lib/src/genmain.c:362:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(fmt, "%%%d[^.].%%%ds", VNAMELEN-1, VNAMELEN-1);
data/gretl-2020e/lib/src/genmain.c:741:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(spec, "markers");
data/gretl-2020e/lib/src/genmain.c:765:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char vname[VNAMELEN] = {0};
data/gretl-2020e/lib/src/genparse.h:677:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[VNAMELEN];   /* name of LHS variable */
data/gretl-2020e/lib/src/gensyntax.c:424:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char vname[VNAMELEN] = {0};
data/gretl-2020e/lib/src/gensyntax.c:529:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char tmp[VNAMELEN];
data/gretl-2020e/lib/src/gmm.c:38:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char mname[VNAMELEN];  /* or name of source matrix */
data/gretl-2020e/lib/src/gmm.c:62:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char Wname[VNAMELEN]; /* name of weighting matrix */
data/gretl-2020e/lib/src/gmm.c:664:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char lname[VNAMELEN]; 
data/gretl-2020e/lib/src/gmm.c:665:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char rname[VNAMELEN];
data/gretl-2020e/lib/src/gmm.c:666:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fmt[16];
data/gretl-2020e/lib/src/gmm.c:687:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(fmt, "%%%d[^; ] ; %%%ds", VNAMELEN-1, VNAMELEN-1);
data/gretl-2020e/lib/src/gmm.c:943:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(spec->oc->Wname, "auto");
data/gretl-2020e/lib/src/graphing.c:64:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char gnuplot_path[MAXLEN];
data/gretl-2020e/lib/src/graphing.c:69:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char ad_hoc_font[64];
data/gretl-2020e/lib/src/graphing.c:80:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char timefmt[16];
data/gretl-2020e/lib/src/graphing.c:81:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char xtics[64];
data/gretl-2020e/lib/src/graphing.c:82:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char xfmt[16];
data/gretl-2020e/lib/src/graphing.c:83:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char yfmt[16];
data/gretl-2020e/lib/src/graphing.c:233:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char errbuf[128];
data/gretl-2020e/lib/src/graphing.c:389:6:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	k = atoi(s);
data/gretl-2020e/lib/src/graphing.c:881:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(s, "#%06X", color);
data/gretl-2020e/lib/src/graphing.c:897:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(s, "x%06X x%06X", user_extra_color[0],
data/gretl-2020e/lib/src/graphing.c:953:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char ptstr[8];
data/gretl-2020e/lib/src/graphing.c:957:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	*psz = atoi(ptstr);
data/gretl-2020e/lib/src/graphing.c:971:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fstr[256];
data/gretl-2020e/lib/src/graphing.c:972:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[128];
data/gretl-2020e/lib/src/graphing.c:1016:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fname[128];
data/gretl-2020e/lib/src/graphing.c:1044:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fname[128];
data/gretl-2020e/lib/src/graphing.c:1055:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(fstr, "sans,%d", stdsize);
data/gretl-2020e/lib/src/graphing.c:1061:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char gp_style[32]; /* basename of style file */
data/gretl-2020e/lib/src/graphing.c:1185:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char targ[32];
data/gretl-2020e/lib/src/graphing.c:1187:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(targ, "set linetype %d", offset + 1);
data/gretl-2020e/lib/src/graphing.c:1196:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char cstr[12];
data/gretl-2020e/lib/src/graphing.c:1285:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[FILENAME_MAX];
data/gretl-2020e/lib/src/graphing.c:1375:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char size_str[32];
data/gretl-2020e/lib/src/graphing.c:1378:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(size_str, " size %.2f,%.2f", w, h);
data/gretl-2020e/lib/src/graphing.c:1386:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(s, "\nset encoding utf8");
data/gretl-2020e/lib/src/graphing.c:1397:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char font_string[128];
data/gretl-2020e/lib/src/graphing.c:1418:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char font_string[128];
data/gretl-2020e/lib/src/graphing.c:1440:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(term_line, "set term tikz");
data/gretl-2020e/lib/src/graphing.c:1442:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(term_line, "set term cairolatex");
data/gretl-2020e/lib/src/graphing.c:1495:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(s, " size %d,%d", w, h);
data/gretl-2020e/lib/src/graphing.c:1502:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char font_string[140];
data/gretl-2020e/lib/src/graphing.c:1503:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char size_string[16];
data/gretl-2020e/lib/src/graphing.c:1536:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char ad_hoc_fontspec[128];
data/gretl-2020e/lib/src/graphing.c:1537:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char font_string[140];
data/gretl-2020e/lib/src/graphing.c:1538:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char size_string[16];
data/gretl-2020e/lib/src/graphing.c:1552:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(term_line, "\n# fontspec: ");
data/gretl-2020e/lib/src/graphing.c:1595:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char term_line[TERMLEN];
data/gretl-2020e/lib/src/graphing.c:1614:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(term_line, "set term svg noenhanced");
data/gretl-2020e/lib/src/graphing.c:1617:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(term_line, "set term fig");
data/gretl-2020e/lib/src/graphing.c:1630:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char term_line[TERMLEN];
data/gretl-2020e/lib/src/graphing.c:1658:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fname[128];
data/gretl-2020e/lib/src/graphing.c:1676:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(fstr, "font \"sans,%d\"", stdsize);
data/gretl-2020e/lib/src/graphing.c:1685:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char font_string[140];
data/gretl-2020e/lib/src/graphing.c:1698:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(term_line, "set term emf dash noenhanced ");
data/gretl-2020e/lib/src/graphing.c:1700:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(term_line, "set term emf color noenhanced ");
data/gretl-2020e/lib/src/graphing.c:1781:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char term_line[TERMLEN];
data/gretl-2020e/lib/src/graphing.c:1794:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(term_line, "set term fig\nset encoding utf8");
data/gretl-2020e/lib/src/graphing.c:1796:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(term_line, "set term svg noenhanced\nset encoding utf8");
data/gretl-2020e/lib/src/graphing.c:1815:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char gnuplot_outname[FILENAME_MAX];
data/gretl-2020e/lib/src/graphing.c:1859:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[FILENAME_MAX];
data/gretl-2020e/lib/src/graphing.c:1914:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(fname, "gpttmp%02d.plt", ++gretl_plot_count);
data/gretl-2020e/lib/src/graphing.c:2109:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fname[FILENAME_MAX] = {0};
data/gretl-2020e/lib/src/graphing.c:2255:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[MAXLEN];
data/gretl-2020e/lib/src/graphing.c:2380:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char depvar[VNAMELEN];
data/gretl-2020e/lib/src/graphing.c:2381:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char title[128];
data/gretl-2020e/lib/src/graphing.c:2608:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char title[96];
data/gretl-2020e/lib/src/graphing.c:2670:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(title, _("loess fit, d = %d, q = %g"), d, q);
data/gretl-2020e/lib/src/graphing.c:2779:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char title[MAXTITLE], formula[GP_MAXFORMULA];
data/gretl-2020e/lib/src/graphing.c:2880:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char s1[32], s2[32];
data/gretl-2020e/lib/src/graphing.c:2884:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(s1, "%.*g", d, vmin);
data/gretl-2020e/lib/src/graphing.c:2885:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(s2, "%.*g", d, vmax);
data/gretl-2020e/lib/src/graphing.c:2893:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(gi->xfmt, "%% .%dg", d+1);
data/gretl-2020e/lib/src/graphing.c:2895:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(gi->xtics, "%.*g %#.6g", d+1, vmin,
data/gretl-2020e/lib/src/graphing.c:2899:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(gi->yfmt, "%% .%dg", d+1);
data/gretl-2020e/lib/src/graphing.c:3114:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char obs[OBSLEN];
data/gretl-2020e/lib/src/graphing.c:3135:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char obs[OBSLEN];
data/gretl-2020e/lib/src/graphing.c:3233:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char obs[OBSLEN];
data/gretl-2020e/lib/src/graphing.c:3401:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(s, " lw 2");
data/gretl-2020e/lib/src/graphing.c:3419:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(str, "w lines");
data/gretl-2020e/lib/src/graphing.c:3421:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(str, "w impulses");
data/gretl-2020e/lib/src/graphing.c:3423:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(str, "w linespoints");
data/gretl-2020e/lib/src/graphing.c:3425:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(str, "w boxes");
data/gretl-2020e/lib/src/graphing.c:3427:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(str, "w steps");
data/gretl-2020e/lib/src/graphing.c:3429:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(str, "w points");
data/gretl-2020e/lib/src/graphing.c:3432:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy(str, "w lines");
data/gretl-2020e/lib/src/graphing.c:3434:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(str, "w impulses");
data/gretl-2020e/lib/src/graphing.c:3436:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(str, "w steps");
data/gretl-2020e/lib/src/graphing.c:3438:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(str, "w points");
data/gretl-2020e/lib/src/graphing.c:3518:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *test, datestr[OBSLEN];
data/gretl-2020e/lib/src/graphing.c:3638:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char mname[16];
data/gretl-2020e/lib/src/graphing.c:3788:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char obs[OBSLEN];
data/gretl-2020e/lib/src/graphing.c:3792:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    y1 = atoi(obs);
data/gretl-2020e/lib/src/graphing.c:3794:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    y2 = atoi(obs);
data/gretl-2020e/lib/src/graphing.c:3816:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(gi->timefmt, "%s");
data/gretl-2020e/lib/src/graphing.c:3819:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(gi->xfmt, "%m-%d");
data/gretl-2020e/lib/src/graphing.c:3821:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(gi->xfmt, "%y-%m-%d"); /* two-digit year */
data/gretl-2020e/lib/src/graphing.c:3839:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(xlabel, _("time series by group"));
data/gretl-2020e/lib/src/graphing.c:3965:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char s1[MAXDISP] = {0};
data/gretl-2020e/lib/src/graphing.c:3966:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char s2[MAXDISP] = {0};
data/gretl-2020e/lib/src/graphing.c:3967:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char xlabel[MAXDISP] = {0};
data/gretl-2020e/lib/src/graphing.c:3968:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char withstr[16] = {0};
data/gretl-2020e/lib/src/graphing.c:3969:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char lwstr[8] = {0};
data/gretl-2020e/lib/src/graphing.c:3970:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char keystr[48] = {0};
data/gretl-2020e/lib/src/graphing.c:4114:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(keystr, "set key left top\n");
data/gretl-2020e/lib/src/graphing.c:4119:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(keystr, "set nokey\n");
data/gretl-2020e/lib/src/graphing.c:4145:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(keystr, "set nokey\n");
data/gretl-2020e/lib/src/graphing.c:4166:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(keystr, "set key outside\n");
data/gretl-2020e/lib/src/graphing.c:4640:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(s, "col %d", j);
data/gretl-2020e/lib/src/graphing.c:4812:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char label[16];
data/gretl-2020e/lib/src/graphing.c:4853:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fname[MAXLEN];
data/gretl-2020e/lib/src/graphing.c:5092:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(s, "z = %.3f [%.4f]", v, pv);
data/gretl-2020e/lib/src/graphing.c:5102:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char test[10];
data/gretl-2020e/lib/src/graphing.c:5106:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(test, "%g", 0.5);
data/gretl-2020e/lib/src/graphing.c:5112:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(s, "N(%.5g%c%.5g)", x,
data/gretl-2020e/lib/src/graphing.c:5115:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(s, "gamma(%.5g%c%.5g)", x,
data/gretl-2020e/lib/src/graphing.c:5181:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char withstr[32] = {0};
data/gretl-2020e/lib/src/graphing.c:5182:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char label[80] = {0};
data/gretl-2020e/lib/src/graphing.c:5349:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char label[32];
data/gretl-2020e/lib/src/graphing.c:5371:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(withstr, "w boxes");
data/gretl-2020e/lib/src/graphing.c:5373:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(withstr, "w impulses linewidth 3");
data/gretl-2020e/lib/src/graphing.c:5718:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char cstr[10];
data/gretl-2020e/lib/src/graphing.c:5741:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char cstr[10];
data/gretl-2020e/lib/src/graphing.c:6081:7:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		v = atoi(S[i]);
data/gretl-2020e/lib/src/graphing.c:6173:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char fname[FILENAME_MAX];
data/gretl-2020e/lib/src/graphing.c:6183:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char line[32], cname[18], rgb[8];
data/gretl-2020e/lib/src/graphing.c:6290:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char stobs[16], endobs[16];
data/gretl-2020e/lib/src/graphing.c:6299:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(rgb, "#dddddd");
data/gretl-2020e/lib/src/graphing.c:6311:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(endobs, "%g", gi->x[t]);
data/gretl-2020e/lib/src/graphing.c:6318:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(stobs, "%g", gi->x[t]);
data/gretl-2020e/lib/src/graphing.c:6325:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(endobs, "%g", gi->x[t2]);
data/gretl-2020e/lib/src/graphing.c:6371:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char yname[MAXDISP];
data/gretl-2020e/lib/src/graphing.c:6372:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char xname[MAXDISP];
data/gretl-2020e/lib/src/graphing.c:6373:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char rgb[10] = {0};
data/gretl-2020e/lib/src/graphing.c:6374:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char wspec[16] = {0};
data/gretl-2020e/lib/src/graphing.c:6540:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char lspec[24], dspec[8];
data/gretl-2020e/lib/src/graphing.c:6554:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(lspec, "lt %d", n_yvars + 1);
data/gretl-2020e/lib/src/graphing.c:6557:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(dspec, " dt 2");
data/gretl-2020e/lib/src/graphing.c:7034:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char s1[16], s2[16];
data/gretl-2020e/lib/src/graphing.c:7038:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(s1, "% g", ymin);
data/gretl-2020e/lib/src/graphing.c:7039:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(s2, "% g", ymax);
data/gretl-2020e/lib/src/graphing.c:7041:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(s1, "%g", ymin);
data/gretl-2020e/lib/src/graphing.c:7042:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(s2, "%g", ymax);
data/gretl-2020e/lib/src/graphing.c:7290:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char s0[OBSLEN], s1[OBSLEN];
data/gretl-2020e/lib/src/graphing.c:7423:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(gset->varname[i+1], "%d", u0+i+1);
data/gretl-2020e/lib/src/graphing.c:7434:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(gset->varname[i+1], "%d", u0+i+1);
data/gretl-2020e/lib/src/graphing.c:7494:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char uname[OBSLEN];
data/gretl-2020e/lib/src/graphing.c:7597:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(uname, "%d", u0+i+1);
data/gretl-2020e/lib/src/graphing.c:7783:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char title[128];
data/gretl-2020e/lib/src/graphing.c:7812:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(title, _("%g percent confidence band"), 100 * (1 - alpha));
data/gretl-2020e/lib/src/graphing.c:7821:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(title, _("%g and %g quantiles"), ql, qh);
data/gretl-2020e/lib/src/graphing.c:7982:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char title[128];
data/gretl-2020e/lib/src/graphing.c:8101:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char lwstr[8];
data/gretl-2020e/lib/src/graphing.c:8551:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char pm_title[16];
data/gretl-2020e/lib/src/graphing.c:8555:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(pm_title, "%.2f/T^%.1f", 1.96, 0.5);
data/gretl-2020e/lib/src/graphing.c:8673:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char s[80];
data/gretl-2020e/lib/src/graphing.c:8975:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char title[48];
data/gretl-2020e/lib/src/graphing.c:9114:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *p, tmp[OBSLEN];
data/gretl-2020e/lib/src/graphing.c:9118:6:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	y = atoi(tmp);
data/gretl-2020e/lib/src/graphing.c:9127:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(stobs, "%d:1", y);
data/gretl-2020e/lib/src/graphing.c:9129:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(stobs, "%d:01", y);
data/gretl-2020e/lib/src/graphing.c:9132:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    q = atoi(p + 1);
data/gretl-2020e/lib/src/graphing.c:9135:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(stobs, "%d:%02d", y, m);
data/gretl-2020e/lib/src/graphing.c:9138:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(stobs, "%d-%02d-01", y, m);
data/gretl-2020e/lib/src/graphing.c:9142:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    m = atoi(p + 1);
data/gretl-2020e/lib/src/graphing.c:9143:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(stobs, "%d-%02d-01", y, m);
data/gretl-2020e/lib/src/graphing.c:9167:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char stobs[OBSLEN];
data/gretl-2020e/lib/src/graphing.c:9255:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char numstr[12];
data/gretl-2020e/lib/src/graphing.c:9257:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(numstr, "%d", plotpd);
data/gretl-2020e/lib/src/graphing.c:9314:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char dname[MAXDISP];
data/gretl-2020e/lib/src/graphing.c:9450:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char line[1024];
data/gretl-2020e/lib/src/graphing.c:9523:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[8192];
data/gretl-2020e/lib/src/graphing.c:9623:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    const char *colors[3][3] = {
data/gretl-2020e/lib/src/graphing.c:9956:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[8196];
data/gretl-2020e/lib/src/graphing.c:10038:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char mstr[16] = {0};
data/gretl-2020e/lib/src/graphing.c:10091:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(mstr, " * %d", mult);
data/gretl-2020e/lib/src/gretl_array.c:724:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		    memcpy(dest, m->z, n * sizeof *dest);
data/gretl-2020e/lib/src/gretl_array.c:741:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(dest, m->val, n * sizeof *dest);
data/gretl-2020e/lib/src/gretl_array.c:1950:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		    memcpy(targ, m->val, leadcols * rsize);
data/gretl-2020e/lib/src/gretl_array.c:1961:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(targ, src, cols * rsize);
data/gretl-2020e/lib/src/gretl_bfgs.c:309:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(h, h0, n * sizeof *h);
data/gretl-2020e/lib/src/gretl_bfgs.c:1495:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char task[60];
data/gretl-2020e/lib/src/gretl_bfgs.c:1496:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char csave[60];
data/gretl-2020e/lib/src/gretl_bfgs.c:1574:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(task, "START");
data/gretl-2020e/lib/src/gretl_bfgs.c:1609:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(task, "STOP: TOTAL NO. of f AND g "
data/gretl-2020e/lib/src/gretl_bfgs.c:1772:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char gmname[VNAMELEN]; /* name of user-defined gradient vector */
data/gretl-2020e/lib/src/gretl_bfgs.c:1773:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char hmname[VNAMELEN]; /* name of user-defined Hessian matrix */
data/gretl-2020e/lib/src/gretl_bfgs.c:2007:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char vname[VNAMELEN];
data/gretl-2020e/lib/src/gretl_bfgs.c:2035:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fname[FN_NAMELEN];
data/gretl-2020e/lib/src/gretl_bundle.c:2393:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fullname[FILENAME_MAX];
data/gretl-2020e/lib/src/gretl_bundle.c:2497:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fullname[FILENAME_MAX];
data/gretl-2020e/lib/src/gretl_cmatrix.c:833:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(az, x->val, xsize * sizeof *az);
data/gretl-2020e/lib/src/gretl_cmatrix.c:1362:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char s[3] = "  ";
data/gretl-2020e/lib/src/gretl_cmatrix.c:1557:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(A->z, C->z, n * sizeof *A->z);
data/gretl-2020e/lib/src/gretl_errors.c:31:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char gretl_errmsg[ERRLEN];
data/gretl-2020e/lib/src/gretl_errors.c:32:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char gretl_warnmsg[ERRLEN];
data/gretl-2020e/lib/src/gretl_errors.c:419:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char tmp[ERRLEN];
data/gretl-2020e/lib/src/gretl_foreign.c:259:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char line[256], host[128];
data/gretl-2020e/lib/src/gretl_foreign.c:344:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[4096];
data/gretl-2020e/lib/src/gretl_foreign.c:497:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(p, "Rscript.exe");
data/gretl-2020e/lib/src/gretl_foreign.c:571:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char line[1024];
data/gretl-2020e/lib/src/gretl_foreign.c:813:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *argv[6];
data/gretl-2020e/lib/src/gretl_foreign.c:902:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *argv[12] = {0};
data/gretl-2020e/lib/src/gretl_foreign.c:903:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char npnum[8] = {0};
data/gretl-2020e/lib/src/gretl_foreign.c:933:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(npnum, "%d", np);
data/gretl-2020e/lib/src/gretl_foreign.c:1425:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[1024];
data/gretl-2020e/lib/src/gretl_foreign.c:1622:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char save_na[8];
data/gretl-2020e/lib/src/gretl_foreign.c:1870:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *p, datestr[OBSLEN];
data/gretl-2020e/lib/src/gretl_foreign.c:1876:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    subper = atoi(p + 1);
data/gretl-2020e/lib/src/gretl_foreign.c:1884:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		  "frequency=%d)\n", atoi(datestr), subper, dset->pd);
data/gretl-2020e/lib/src/gretl_foreign.c:1890:7:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		    atoi(datestr), subper, dset->pd);
data/gretl-2020e/lib/src/gretl_foreign.c:2579:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char line[512];
data/gretl-2020e/lib/src/gretl_foreign.c:3257:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char lang[16];
data/gretl-2020e/lib/src/gretl_func.c:107:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char stobs[OBSLEN]; /* string representation of starting obs */
data/gretl-2020e/lib/src/gretl_func.c:133:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[FN_NAMELEN]; /* identifier */
data/gretl-2020e/lib/src/gretl_func.c:149:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[FN_NAMELEN]; /* package name */
data/gretl-2020e/lib/src/gretl_func.c:259:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char mpi_caller[FN_NAMELEN];
data/gretl-2020e/lib/src/gretl_func.c:339:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char s1[4], s2[8];
data/gretl-2020e/lib/src/gretl_func.c:1791:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[MAXLINE];
data/gretl-2020e/lib/src/gretl_func.c:2826:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char vstr[8];
data/gretl-2020e/lib/src/gretl_func.c:2915:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char vstr[8];
data/gretl-2020e/lib/src/gretl_func.c:3543:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *p, line[1024];
data/gretl-2020e/lib/src/gretl_func.c:3558:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dirname[FILENAME_MAX];
data/gretl-2020e/lib/src/gretl_func.c:3748:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fname[FILENAME_MAX];
data/gretl-2020e/lib/src/gretl_func.c:3749:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[4096], cont[1024];
data/gretl-2020e/lib/src/gretl_func.c:3873:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char dtdname[FILENAME_MAX];
data/gretl-2020e/lib/src/gretl_func.c:4029:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char testname[FILENAME_MAX];
data/gretl-2020e/lib/src/gretl_func.c:4079:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char gfnname[FILENAME_MAX];
data/gretl-2020e/lib/src/gretl_func.c:5162:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char vstr[8];
data/gretl-2020e/lib/src/gretl_func.c:5213:6:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	    strcat(p, ".pdf");
data/gretl-2020e/lib/src/gretl_func.c:5260:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char vstr[8];
data/gretl-2020e/lib/src/gretl_func.c:5343:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *rem, line[2048];
data/gretl-2020e/lib/src/gretl_func.c:5964:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char line[128];
data/gretl-2020e/lib/src/gretl_func.c:6096:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char tmp[12];
data/gretl-2020e/lib/src/gretl_func.c:6098:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(tmp, "%d-%02d-%02d", y, m, d);
data/gretl-2020e/lib/src/gretl_func.c:6583:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *test, valstr[32];
data/gretl-2020e/lib/src/gretl_func.c:6752:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tstr[22] = {0};
data/gretl-2020e/lib/src/gretl_func.c:6779:6:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	    strcat(tstr, " *");
data/gretl-2020e/lib/src/gretl_func.c:7067:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char s1[FN_NAMELEN];
data/gretl-2020e/lib/src/gretl_func.c:7068:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char s2[FN_NAMELEN];
data/gretl-2020e/lib/src/gretl_func.c:7152:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char s1[8], s2[16];
data/gretl-2020e/lib/src/gretl_func.c:7774:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char vstr[8];
data/gretl-2020e/lib/src/gretl_func.c:8869:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char formula[MAXLINE];
data/gretl-2020e/lib/src/gretl_func.c:9142:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[MAXLINE];
data/gretl-2020e/lib/src/gretl_func.c:9744:6:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	    strcat(p, ".pdf");
data/gretl-2020e/lib/src/gretl_func.c:9928:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *p, fname[MAXLEN];
data/gretl-2020e/lib/src/gretl_help.c:67:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[128], word[12];
data/gretl-2020e/lib/src/gretl_help.c:138:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char s[9], line[HELPLEN];
data/gretl-2020e/lib/src/gretl_help.c:181:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char word[16], line[HELPLEN];
data/gretl-2020e/lib/src/gretl_help.c:245:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fullname[MAXLEN];
data/gretl-2020e/lib/src/gretl_help.c:246:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char test[128];
data/gretl-2020e/lib/src/gretl_help.c:265:7:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
		    strcat(fullname, ".pdf");
data/gretl-2020e/lib/src/gretl_help.c:401:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char helpfile[FILENAME_MAX];
data/gretl-2020e/lib/src/gretl_intl.c:199:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char gretl_charset[32];
data/gretl-2020e/lib/src/gretl_intl.c:217:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char numstr[6] = {0};
data/gretl-2020e/lib/src/gretl_intl.c:221:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    gretl_cset_maj = atoi(numstr);
data/gretl-2020e/lib/src/gretl_intl.c:225:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		gretl_cset_min = atoi(p);
data/gretl-2020e/lib/src/gretl_intl.c:263:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        gretl_cpage = atoi(p + 1);
data/gretl-2020e/lib/src/gretl_intl.c:274:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char cset[24];
data/gretl-2020e/lib/src/gretl_intl.c:278:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(cset, "CP%d", gretl_cpage);
data/gretl-2020e/lib/src/gretl_intl.c:284:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(cset, "ISO-%d-%d", gretl_cset_maj, gretl_cset_min);
data/gretl-2020e/lib/src/gretl_intl.c:737:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char lfix[32];
data/gretl-2020e/lib/src/gretl_intl.c:796:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char lfix[32];
data/gretl-2020e/lib/src/gretl_intl.c:807:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char tmp[64];
data/gretl-2020e/lib/src/gretl_intl.c:836:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *orig, ocpy[64];
data/gretl-2020e/lib/src/gretl_list.c:673:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(targ, src, n * sizeof *targ);
data/gretl-2020e/lib/src/gretl_list.c:963:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char numstr[16];
data/gretl-2020e/lib/src/gretl_list.c:968:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
		strcat(buf, " ;");
data/gretl-2020e/lib/src/gretl_list.c:970:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(numstr, " %d", list[i]);
data/gretl-2020e/lib/src/gretl_list.c:1030:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
		strcat(buf, " ;");
data/gretl-2020e/lib/src/gretl_list.c:1129:6:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	    strcat(buf, "unknown");
data/gretl-2020e/lib/src/gretl_list.c:1209:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char numstr[16];
data/gretl-2020e/lib/src/gretl_list.c:1231:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(numstr, "{%d", list[i]);
data/gretl-2020e/lib/src/gretl_list.c:1233:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(numstr, ",%d", list[i]);
data/gretl-2020e/lib/src/gretl_list.c:1712:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char numstr[16];
data/gretl-2020e/lib/src/gretl_list.c:1714:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(numstr, "%d", di);
data/gretl-2020e/lib/src/gretl_list.c:1738:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char label[MAXLABEL];
data/gretl-2020e/lib/src/gretl_list.c:1776:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char vname[VNAMELEN];
data/gretl-2020e/lib/src/gretl_list.c:2847:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char test[32];
data/gretl-2020e/lib/src/gretl_list.c:3204:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char chkname[VNAMELEN];
data/gretl-2020e/lib/src/gretl_matrix.c:1198:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(c->z, m->z, n * sizeof *m->z);
data/gretl-2020e/lib/src/gretl_matrix.c:1200:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(c->val, m->val, n * sizeof *m->val);
data/gretl-2020e/lib/src/gretl_matrix.c:1222:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(c->val, m->val, n * sizeof *m->val);
data/gretl-2020e/lib/src/gretl_matrix.c:1269:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(b->val, a->val, sz);
data/gretl-2020e/lib/src/gretl_matrix.c:1525:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(y, x, csize);
data/gretl-2020e/lib/src/gretl_matrix.c:2684:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(targ->val, src->val, n * sizeof *targ->val);
data/gretl-2020e/lib/src/gretl_matrix.c:2729:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(targ->val, src->val, n * sizeof *targ->val);
data/gretl-2020e/lib/src/gretl_matrix.c:2787:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(targ->val, src->val, n * sizeof *targ->val);
data/gretl-2020e/lib/src/gretl_matrix.c:3221:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(val, m->val, sz);
data/gretl-2020e/lib/src/gretl_matrix.c:3396:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(targ->val, src->val, n * sizeof *src->val);
data/gretl-2020e/lib/src/gretl_matrix.c:3425:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(v->val, m->val, n * sizeof *m->val);
data/gretl-2020e/lib/src/gretl_matrix.c:3464:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(targ->val, src->val, n * sizeof *src->val);
data/gretl-2020e/lib/src/gretl_matrix.c:3760:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    if (envstr != NULL && atoi(envstr) > 0) {
data/gretl-2020e/lib/src/gretl_matrix.c:3764:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	if (envstr != NULL && atoi(envstr) > 0) {
data/gretl-2020e/lib/src/gretl_matrix.c:4544:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    debug = (envstr != NULL && atoi(envstr) > 0);
data/gretl-2020e/lib/src/gretl_matrix.c:7604:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(a, mval, n * sizeof *a);
data/gretl-2020e/lib/src/gretl_matrix.c:7605:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(q, p->val, plen * sizeof *q);
data/gretl-2020e/lib/src/gretl_matrix.c:9061:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(aval, a->val, bytes);
data/gretl-2020e/lib/src/gretl_matrix.c:9086:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(a->val, aval, bytes);
data/gretl-2020e/lib/src/gretl_matrix.c:9197:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(targ->val, src->val, n * n * sizeof *src->val);
data/gretl-2020e/lib/src/gretl_matrix.c:9756:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		    memcpy(colj, colk, colsize);
data/gretl-2020e/lib/src/gretl_matrix.c:9759:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		    memcpy(tmp, colj, colsize);
data/gretl-2020e/lib/src/gretl_matrix.c:9761:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		    memcpy(colj, colk, colsize);
data/gretl-2020e/lib/src/gretl_matrix.c:9763:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		    memcpy(colk, tmp, colsize);
data/gretl-2020e/lib/src/gretl_matrix.c:9862:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(m->val, z, n*n * sizeof *z);
data/gretl-2020e/lib/src/gretl_matrix.c:11074:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(c->val + b->rows, b->val, n_b * xsize);
data/gretl-2020e/lib/src/gretl_matrix.c:11076:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(c->z + b->rows, b->z, n_b * zsize);
data/gretl-2020e/lib/src/gretl_matrix.c:11090:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(c->val, a->val, n_a * xsize);
data/gretl-2020e/lib/src/gretl_matrix.c:11092:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(c->z, a->z, n_a * zsize);
data/gretl-2020e/lib/src/gretl_matrix.c:11107:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(c->val, a->val, n_a * xsize);
data/gretl-2020e/lib/src/gretl_matrix.c:11108:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(c->val + n_a, b->val, n_b * xsize);
data/gretl-2020e/lib/src/gretl_matrix.c:11111:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		    memcpy(c->z, a->z, n_a * zsize);
data/gretl-2020e/lib/src/gretl_matrix.c:11116:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		    memcpy(c->z + n_a, b->z, n_b * zsize);
data/gretl-2020e/lib/src/gretl_matrix.c:11262:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(a->val + a->rows * k, b->val, bsize);
data/gretl-2020e/lib/src/gretl_matrix.c:12848:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(Yi->val, Y->val + offset, dsize);
data/gretl-2020e/lib/src/gretl_matrix.c:12876:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(B->val, XYq->val, dsize);
data/gretl-2020e/lib/src/gretl_matrix.c:14441:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(targ, src, colsize);
data/gretl-2020e/lib/src/gretl_midas.c:61:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char lnam0[VNAMELEN];  /* name of MIDAS list on input */
data/gretl-2020e/lib/src/gretl_midas.c:62:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char lname[VNAMELEN];  /* name of MIDAS list */
data/gretl-2020e/lib/src/gretl_midas.c:63:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char mname[VNAMELEN];  /* name of initial theta vector */
data/gretl-2020e/lib/src/gretl_midas.c:340:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *p, obs[OBSLEN];
data/gretl-2020e/lib/src/gretl_midas.c:353:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(mset->stobs, "%d:1", atoi(obs));
data/gretl-2020e/lib/src/gretl_midas.c:353:35:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    sprintf(mset->stobs, "%d:1", atoi(obs));
data/gretl-2020e/lib/src/gretl_midas.c:355:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(mset->stobs, "%d:01", atoi(obs));
data/gretl-2020e/lib/src/gretl_midas.c:355:36:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    sprintf(mset->stobs, "%d:01", atoi(obs));
data/gretl-2020e/lib/src/gretl_midas.c:513:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    int chk = atoi(mstr);
data/gretl-2020e/lib/src/gretl_midas.c:537:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(mstr, "theta___%d", i+1);
data/gretl-2020e/lib/src/gretl_midas.c:638:8:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	ret = atoi(s);
data/gretl-2020e/lib/src/gretl_midas.c:687:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char lname[VNAMELEN];
data/gretl-2020e/lib/src/gretl_midas.c:688:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char mname[VNAMELEN];
data/gretl-2020e/lib/src/gretl_midas.c:689:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char p1str[VNAMELEN];
data/gretl-2020e/lib/src/gretl_midas.c:690:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char p2str[VNAMELEN];
data/gretl-2020e/lib/src/gretl_midas.c:691:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char typestr[10];
data/gretl-2020e/lib/src/gretl_midas.c:692:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fmt[64];
data/gretl-2020e/lib/src/gretl_midas.c:703:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(fmt, "%%%d[^, ] , %%%d[^, ] , %%%d[^, ] , %%%d[^,) ] , %%%d[^) ])",
data/gretl-2020e/lib/src/gretl_midas.c:717:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(fmt, "%%%d[^, ] , %%%d[^,) ] , %%%d[^) ])",
data/gretl-2020e/lib/src/gretl_midas.c:742:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(mname, "theta___%d", i+1);
data/gretl-2020e/lib/src/gretl_midas.c:881:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char test[128];
data/gretl-2020e/lib/src/gretl_midas.c:1058:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(mt->lname, "ML___%d", i+1);
data/gretl-2020e/lib/src/gretl_midas.c:1088:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(mt->lname, "ML___%d", i+1);
data/gretl-2020e/lib/src/gretl_midas.c:1305:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[64], line[MAXLEN];
data/gretl-2020e/lib/src/gretl_midas.c:1316:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(tmp, "%+.15g", b[j++]);
data/gretl-2020e/lib/src/gretl_midas.c:1331:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(line, "+lincomb(HFL___,hfb___)");
data/gretl-2020e/lib/src/gretl_midas.c:1415:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(mi->y->val, dset->Z[mi->yno] + dset->t1, mi->colsize);
data/gretl-2020e/lib/src/gretl_midas.c:1453:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(targ, src, mi->colsize);
data/gretl-2020e/lib/src/gretl_midas.c:1496:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(targ, src, mi->colsize);
data/gretl-2020e/lib/src/gretl_midas.c:1582:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(mi->y->val, dset->Z[mi->yno] + dset->t1, mi->colsize);
data/gretl-2020e/lib/src/gretl_midas.c:1831:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(gdset->Z[1], mi->u->val, mi->colsize);
data/gretl-2020e/lib/src/gretl_midas.c:1832:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(gdset->varname[1], "gy");
data/gretl-2020e/lib/src/gretl_midas.c:1845:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(gdset->Z[gvi], dset->Z[vi] + dset->t1, mi->colsize);
data/gretl-2020e/lib/src/gretl_midas.c:1846:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(gdset->varname[gvi], "gx%d", i-1);
data/gretl-2020e/lib/src/gretl_midas.c:1876:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(gdset->Z[zcol], dset->Z[vi] + dset->t1,
data/gretl-2020e/lib/src/gretl_midas.c:1880:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(gdset->varname[zcol], "mdx%d", i+1);
data/gretl-2020e/lib/src/gretl_midas.c:1905:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(gdset->varname[zcol], "mdx%d", i+1);
data/gretl-2020e/lib/src/gretl_midas.c:1938:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		    sprintf(gdset->varname[pos+ii], "grad%dc", ii+1);
data/gretl-2020e/lib/src/gretl_midas.c:1940:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		    sprintf(gdset->varname[pos+ii], "grad%d", ii+1);
data/gretl-2020e/lib/src/gretl_midas.c:2178:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char *cnames[2] = {"coeff", "lag"};
data/gretl-2020e/lib/src/gretl_midas.c:2285:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(mt->mname, "theta___%d", i+1);
data/gretl-2020e/lib/src/gretl_midas.c:2309:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char targ[MAXLEN];
data/gretl-2020e/lib/src/gretl_midas.c:2458:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(XZ->val, X->val, mi->nobs * mi->nx * sizeof(double));
data/gretl-2020e/lib/src/gretl_midas.c:2531:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(y->val, dset->Z[mi->yno] + dset->t1,
data/gretl-2020e/lib/src/gretl_midas.c:2570:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char tmp[24];
data/gretl-2020e/lib/src/gretl_midas.c:2575:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		    sprintf(tmp, "bmlc___%d", i + 1);
data/gretl-2020e/lib/src/gretl_midas.c:2629:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(targ, "Almon%d", i+1);
data/gretl-2020e/lib/src/gretl_midas.c:2631:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(targ, "Beta%d", i+1);
data/gretl-2020e/lib/src/gretl_midas.c:2633:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(targ, "Almon%d", i);
data/gretl-2020e/lib/src/gretl_midas.c:2641:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(targ, "U-MIDAS%d", i+1);
data/gretl-2020e/lib/src/gretl_midas.c:2649:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp[64], str[2*MAXLEN];
data/gretl-2020e/lib/src/gretl_midas.c:2670:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(tmp, "HF_slope%d", i+1);
data/gretl-2020e/lib/src/gretl_midas.c:2672:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(tmp, "HF_slope");
data/gretl-2020e/lib/src/gretl_midas.c:2742:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp[64], line[MAXLEN];
data/gretl-2020e/lib/src/gretl_midas.c:2756:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(line, "lincomb(XL___, bx___)");
data/gretl-2020e/lib/src/gretl_midas.c:2761:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(tmp, " + bmlc___%d*mlc___%d", ++j, i+1);
data/gretl-2020e/lib/src/gretl_midas.c:2763:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(tmp, " + mlc___%d", i+1);
data/gretl-2020e/lib/src/gretl_midas.c:2789:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(line, "deriv bx___ = MX___");
data/gretl-2020e/lib/src/gretl_midas.c:2795:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(line, "deriv bmlc___%d = {mlc___%d}", i+1, i+1);
data/gretl-2020e/lib/src/gretl_midas.c:2936:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char tmp[24];
data/gretl-2020e/lib/src/gretl_midas.c:2938:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(tmp, "mgr___%d", i+1);
data/gretl-2020e/lib/src/gretl_model.c:69:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char str[CSLEN];
data/gretl-2020e/lib/src/gretl_model.c:219:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(item->ptr, orig->ptr, orig->size);
data/gretl-2020e/lib/src/gretl_model.c:923:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    int lag = atoi(++p);
data/gretl-2020e/lib/src/gretl_model.c:925:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(cname, "ut^2(-%d)", lag);
data/gretl-2020e/lib/src/gretl_model.c:936:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(targ, "u_%d", pmod->arinfo->arlist[k+1]);
data/gretl-2020e/lib/src/gretl_model.c:938:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(targ, "unknown");
data/gretl-2020e/lib/src/gretl_model.c:993:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(targ, "alpha(%d)", i - pmod->ncoeff);
data/gretl-2020e/lib/src/gretl_model.c:1005:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(targ, "unknown");
data/gretl-2020e/lib/src/gretl_model.c:1027:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char targ[VNAMELEN];
data/gretl-2020e/lib/src/gretl_model.c:1054:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char pname[VNAMELEN], tmp[VNAMELEN];
data/gretl-2020e/lib/src/gretl_model.c:1062:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(pname, "const");
data/gretl-2020e/lib/src/gretl_model.c:1150:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char pname[24];
data/gretl-2020e/lib/src/gretl_model.c:2953:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char varname[VNAMELEN];
data/gretl-2020e/lib/src/gretl_model.c:3070:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(pmod->coeff, b, sz);
data/gretl-2020e/lib/src/gretl_model.c:4251:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char ordstr[16];
data/gretl-2020e/lib/src/gretl_model.c:4259:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(ordstr, "%d", test->order);
data/gretl-2020e/lib/src/gretl_model.c:4388:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(str, "LM = %g", test->value);
data/gretl-2020e/lib/src/gretl_model.c:4393:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(str, "$F(%d, %g)$ = %g", test->dfn, test->dfd, test->value);
data/gretl-2020e/lib/src/gretl_model.c:4395:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(str, "F(%d, %g) = %g", test->dfn, test->dfd, test->value);
data/gretl-2020e/lib/src/gretl_model.c:4408:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(str, "LMF = %g", test->value);
data/gretl-2020e/lib/src/gretl_model.c:4412:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(str, "Welch $F(%d, %.1f)$ = %g", test->dfn, test->dfd, test->value);
data/gretl-2020e/lib/src/gretl_model.c:4414:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(str, "Welch F(%d, %.1f) = %g", test->dfn, test->dfd, test->value);
data/gretl-2020e/lib/src/gretl_model.c:4419:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(str, "Harvey--Collier $t(%d)$ = %g", test->dfn, test->value);
data/gretl-2020e/lib/src/gretl_model.c:4421:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(str, "Harvey-Collier t(%d) = %g", test->dfn, test->value);
data/gretl-2020e/lib/src/gretl_model.c:4426:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(str, "$\\chi^2(2)$ = %g", test->value);
data/gretl-2020e/lib/src/gretl_model.c:4438:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(str, "$\\chi^2(%d)$ = %g", test->dfn, test->value);
data/gretl-2020e/lib/src/gretl_model.c:4451:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(str, "$z$ = %g", test->value);
data/gretl-2020e/lib/src/gretl_model.c:4453:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(str, "z = %g", test->value);
data/gretl-2020e/lib/src/gretl_model.c:4458:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(str, "$t$(%d) = %g", test->dfn, test->value);
data/gretl-2020e/lib/src/gretl_model.c:4460:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(str, "t(%d) = %g", test->dfn, test->value);
data/gretl-2020e/lib/src/gretl_model.c:4475:11:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	if (tex) sprintf(str, "$P$($\\chi^2(%d) >$ %g) = %g",
data/gretl-2020e/lib/src/gretl_model.c:4483:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(str, "$P$($F(%d, %g) >$ %g) = %g",
data/gretl-2020e/lib/src/gretl_model.c:4486:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(str, "P(F(%d, %g) > %g) = %g",
data/gretl-2020e/lib/src/gretl_model.c:4492:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(str, "$P$($F(%d, %.1f) >$ %g) = %g",
data/gretl-2020e/lib/src/gretl_model.c:4495:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(str, "P(F(%d, %.1f) > %g) = %g",
data/gretl-2020e/lib/src/gretl_model.c:4501:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(str, "$P$($F(%d, %g) >$ %g) = %g",
data/gretl-2020e/lib/src/gretl_model.c:4504:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(str, "P(F(%d, %g) > %g) = %g",
data/gretl-2020e/lib/src/gretl_model.c:4510:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(str, "$P$($t_{%d} >$ %g) = %g",
data/gretl-2020e/lib/src/gretl_model.c:4513:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(str, "P(t(%d) > %g) = %g",
data/gretl-2020e/lib/src/gretl_model.c:4519:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(str, "$P$($|t| >$ %g) = %g",
data/gretl-2020e/lib/src/gretl_model.c:4522:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(str, "P(|t| > %g) = %g",
data/gretl-2020e/lib/src/gretl_model.c:4534:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(str, "NA");
data/gretl-2020e/lib/src/gretl_model.c:4536:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(str, "%g", test->pvalue);
data/gretl-2020e/lib/src/gretl_model.c:4603:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[512];
data/gretl-2020e/lib/src/gretl_model.c:4649:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(buf, _("%g percent critical value"), a);
data/gretl-2020e/lib/src/gretl_model.c:5016:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char bkey[VNAMELEN];
data/gretl-2020e/lib/src/gretl_model.c:5825:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	pmod->ci = atoi(buf);
data/gretl-2020e/lib/src/gretl_model.c:6320:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char numstr[8];
data/gretl-2020e/lib/src/gretl_model.c:6325:6:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	    strcat(buf, "; ");
data/gretl-2020e/lib/src/gretl_model.c:6327:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(numstr, "%d ", list[i]);
data/gretl-2020e/lib/src/gretl_model.c:6623:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(pmod->params[j++], "phi_%d", i + 1);
data/gretl-2020e/lib/src/gretl_model.c:6628:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(pmod->params[j++], "Phi_%d", i + 1);
data/gretl-2020e/lib/src/gretl_model.c:6633:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(pmod->params[j++], "theta_%d", i + 1);
data/gretl-2020e/lib/src/gretl_model.c:6638:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(pmod->params[j++], "Theta_%d", i + 1);
data/gretl-2020e/lib/src/gretl_model.c:6689:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(pmod->params[i], "ahat_%d", ulist[j++]);
data/gretl-2020e/lib/src/gretl_model.c:6691:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(pmod->params[i], "ahat_%d", j++);
data/gretl-2020e/lib/src/gretl_model.c:7444:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char v1str[VNAMELEN], v2str[VNAMELEN];
data/gretl-2020e/lib/src/gretl_model.c:7445:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fmt[16];
data/gretl-2020e/lib/src/gretl_model.c:7454:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(fmt, "%%%d[^,],%%%ds", VNAMELEN-1, VNAMELEN-1);
data/gretl-2020e/lib/src/gretl_model.c:7521:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	int k = atoi(s);
data/gretl-2020e/lib/src/gretl_mpi.c:220:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char msg[BUFSIZ];
data/gretl-2020e/lib/src/gretl_mpi.c:997:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char key[32];
data/gretl-2020e/lib/src/gretl_mpi.c:999:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char msgbuf[64];
data/gretl-2020e/lib/src/gretl_mpi.c:1766:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char msgbuf[64];
data/gretl-2020e/lib/src/gretl_mpi.c:1834:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char key[32];
data/gretl-2020e/lib/src/gretl_mpi.c:1835:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char msgbuf[64];
data/gretl-2020e/lib/src/gretl_mpi.c:1953:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy((*pm)->val, val, n);
data/gretl-2020e/lib/src/gretl_mpi.c:2217:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(pos, MATRIX_ID, IDLEN);
data/gretl-2020e/lib/src/gretl_mpi.c:2219:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(pos, &m->rows, sizeof m->rows);
data/gretl-2020e/lib/src/gretl_mpi.c:2221:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(pos, &m->cols, sizeof m->cols);
data/gretl-2020e/lib/src/gretl_mpi.c:2223:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(pos, m->val, vsize);
data/gretl-2020e/lib/src/gretl_mpi.c:2246:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[IDLEN] = {0};
data/gretl-2020e/lib/src/gretl_mpi.c:2297:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(buf, pos, IDLEN);
data/gretl-2020e/lib/src/gretl_mpi.c:2300:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(&r, pos, sizeof r);
data/gretl-2020e/lib/src/gretl_mpi.c:2302:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(&c, pos, sizeof c);
data/gretl-2020e/lib/src/gretl_mpi.c:2321:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(m->val, ptr + isize, vsize);
data/gretl-2020e/lib/src/gretl_mpi.c:2413:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(pos, MATRIX_ID, IDLEN);
data/gretl-2020e/lib/src/gretl_mpi.c:2415:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(pos, &m->rows, sizeof m->rows);
data/gretl-2020e/lib/src/gretl_mpi.c:2417:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(pos, &m->cols, sizeof m->cols);
data/gretl-2020e/lib/src/gretl_mpi.c:2419:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(pos, m->val, vsize);
data/gretl-2020e/lib/src/gretl_mpi.c:2442:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[IDLEN] = {0};
data/gretl-2020e/lib/src/gretl_mpi.c:2468:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(buf, pos, IDLEN);
data/gretl-2020e/lib/src/gretl_mpi.c:2471:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(&r, pos, sizeof r);
data/gretl-2020e/lib/src/gretl_mpi.c:2473:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(&c, pos, sizeof c);
data/gretl-2020e/lib/src/gretl_mpi.c:2493:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(m->val, ptr + isize, vsize);
data/gretl-2020e/lib/src/gretl_panel.c:104:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char glsmat[MAXLEN];
data/gretl-2020e/lib/src/gretl_panel.c:3708:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char dname[VNAMELEN];
data/gretl-2020e/lib/src/gretl_panel.c:3726:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(dname, "dt_%d", i);
data/gretl-2020e/lib/src/gretl_panel.c:4082:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(dset->varname[dset->v - 1], "unit_wt");
data/gretl-2020e/lib/src/gretl_panel.c:4640:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(dset->varname[vi], "uhat");
data/gretl-2020e/lib/src/gretl_panel.c:4659:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(dset->varname[ulist[i]], "uhat(-1)");
data/gretl-2020e/lib/src/gretl_panel.c:4769:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(dset->varname[vi], "uhat");
data/gretl-2020e/lib/src/gretl_panel.c:4780:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(dset->varname[dlist[2]], "uhat(-1)");
data/gretl-2020e/lib/src/gretl_panel.c:5470:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(dset->Z[i], Zi, real_n * sizeof *Zi);
data/gretl-2020e/lib/src/gretl_panel.c:5594:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char si[OBSLEN];
data/gretl-2020e/lib/src/gretl_panel.c:6157:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char unit[OBSLEN], period[OBSLEN];
data/gretl-2020e/lib/src/gretl_panel.c:6160:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    if (atoi(period) == dset->pd) {
data/gretl-2020e/lib/src/gretl_panel.c:6171:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char test[VNAMELEN];
data/gretl-2020e/lib/src/gretl_paths.c:59:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char gretldir[MAXLEN];
data/gretl-2020e/lib/src/gretl_paths.c:60:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char dotdir[MAXLEN];
data/gretl-2020e/lib/src/gretl_paths.c:61:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char workdir[MAXLEN];
data/gretl-2020e/lib/src/gretl_paths.c:62:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char gnuplot[MAXLEN];
data/gretl-2020e/lib/src/gretl_paths.c:63:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char plotfile[MAXLEN];
data/gretl-2020e/lib/src/gretl_paths.c:64:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char plugpath[MAXLEN];
data/gretl-2020e/lib/src/gretl_paths.c:65:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char binbase[MAXLEN+4];
data/gretl-2020e/lib/src/gretl_paths.c:66:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char x12a[MAXLEN];
data/gretl-2020e/lib/src/gretl_paths.c:67:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char x12adir[MAXLEN];
data/gretl-2020e/lib/src/gretl_paths.c:68:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tramo[MAXLEN];
data/gretl-2020e/lib/src/gretl_paths.c:69:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tramodir[MAXLEN];
data/gretl-2020e/lib/src/gretl_paths.c:70:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char rbinpath[MAXLEN];
data/gretl-2020e/lib/src/gretl_paths.c:71:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char rlibpath[MAXLEN];
data/gretl-2020e/lib/src/gretl_paths.c:72:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char oxlpath[MAXLEN];
data/gretl-2020e/lib/src/gretl_paths.c:73:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char octpath[MAXLEN];
data/gretl-2020e/lib/src/gretl_paths.c:74:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char statapath[MAXLEN];
data/gretl-2020e/lib/src/gretl_paths.c:75:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char pypath[MAXLEN];
data/gretl-2020e/lib/src/gretl_paths.c:76:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char jlpath[MAXLEN];
data/gretl-2020e/lib/src/gretl_paths.c:77:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char mpiexec[MAXLEN];
data/gretl-2020e/lib/src/gretl_paths.c:78:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char mpi_hosts[MAXLEN];
data/gretl-2020e/lib/src/gretl_paths.c:79:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char dbhost[32];
data/gretl-2020e/lib/src/gretl_paths.c:80:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char pngfont[128];
data/gretl-2020e/lib/src/gretl_paths.c:130:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char hpath[MAXLEN+18];
data/gretl-2020e/lib/src/gretl_paths.c:187:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char test[MAXLEN];
data/gretl-2020e/lib/src/gretl_paths.c:296:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fp = fopen(fname, mode);
data/gretl-2020e/lib/src/gretl_paths.c:299:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fp = fopen(fname, mode);
data/gretl-2020e/lib/src/gretl_paths.c:338:7:  [2] (tmpfile) mkstemp:
  Potential for temporary file vulnerability in some circumstances. Some
  older Unix-like systems create temp files with permission to write by all
  by default, so be sure to set the umask to override this. Also, some older
  Unix systems might fail to use O_EXCL when opening the file, so make sure
  that O_EXCL is used by the library (CWE-377).
	fd = mkstemp(pattern);
data/gretl-2020e/lib/src/gretl_paths.c:341:10:  [2] (tmpfile) mkstemp:
  Potential for temporary file vulnerability in some circumstances. Some
  older Unix-like systems create temp files with permission to write by all
  by default, so be sure to set the umask to override this. Also, some older
  Unix systems might fail to use O_EXCL when opening the file, so make sure
  that O_EXCL is used by the library (CWE-377).
    fd = mkstemp(pattern);
data/gretl-2020e/lib/src/gretl_paths.c:392:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fp = fopen(fname, mode);
data/gretl-2020e/lib/src/gretl_paths.c:434:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fd = open(pathname, flags, m);
data/gretl-2020e/lib/src/gretl_paths.c:437:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fd = open(pathname, flags, m);
data/gretl-2020e/lib/src/gretl_paths.c:994:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char test[6];
data/gretl-2020e/lib/src/gretl_paths.c:1028:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char temp[MAXLEN];
data/gretl-2020e/lib/src/gretl_paths.c:1058:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp[MAXLEN];
data/gretl-2020e/lib/src/gretl_paths.c:1106:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(targ, "\\*");
data/gretl-2020e/lib/src/gretl_paths.c:1130:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char finddir[MAXLEN];
data/gretl-2020e/lib/src/gretl_paths.c:1157:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp[MAXLEN];
data/gretl-2020e/lib/src/gretl_paths.c:1202:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[MAXLEN];
data/gretl-2020e/lib/src/gretl_paths.c:1221:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char finddir[MAXLEN];
data/gretl-2020e/lib/src/gretl_paths.c:1246:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char orig[MAXLEN];
data/gretl-2020e/lib/src/gretl_paths.c:1314:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char dirname[MAXLEN];
data/gretl-2020e/lib/src/gretl_paths.c:1406:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char path[FILENAME_MAX];
data/gretl-2020e/lib/src/gretl_paths.c:1424:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *p, test[NAME_MAX+1];
data/gretl-2020e/lib/src/gretl_paths.c:1490:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp[FILENAME_MAX];
data/gretl-2020e/lib/src/gretl_paths.c:1652:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char orig[MAXLEN];
data/gretl-2020e/lib/src/gretl_paths.c:1707:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char trydir[MAXLEN];
data/gretl-2020e/lib/src/gretl_paths.c:1868:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char tmp[MAXLEN];
data/gretl-2020e/lib/src/gretl_paths.c:1884:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *p, pkgname[64];
data/gretl-2020e/lib/src/gretl_paths.c:2047:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(paths.plugpath, "lib");
data/gretl-2020e/lib/src/gretl_paths.c:2066:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char dirname[MAXLEN+128];
data/gretl-2020e/lib/src/gretl_paths.c:2145:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char s[MAXLEN];
data/gretl-2020e/lib/src/gretl_paths.c:2153:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(s + n - 9, "seats.exe");
data/gretl-2020e/lib/src/gretl_paths.c:2159:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(s + n - 5, "seats");
data/gretl-2020e/lib/src/gretl_paths.c:2173:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char bindir[MAXLEN];
data/gretl-2020e/lib/src/gretl_paths.c:2182:6:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	    strcat(p, "bin/");
data/gretl-2020e/lib/src/gretl_paths.c:2189:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
		strcat(p, "bin\\");
data/gretl-2020e/lib/src/gretl_paths.c:2219:6:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	    strcat(paths.plugpath, "lib");
data/gretl-2020e/lib/src/gretl_paths.c:2251:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char default_workdir[MAXLEN];
data/gretl-2020e/lib/src/gretl_paths.c:2275:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char default_workdir[MAXLEN];
data/gretl-2020e/lib/src/gretl_paths.c:2335:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char testname[FILENAME_MAX];
data/gretl-2020e/lib/src/gretl_paths.c:2434:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp[MAX_PATH];
data/gretl-2020e/lib/src/gretl_paths.c:2654:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[MAXLEN];
data/gretl-2020e/lib/src/gretl_paths.c:2670:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(paths.gretldir, "share");
data/gretl-2020e/lib/src/gretl_paths.c:2672:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(paths.gretldir, "gretl");
data/gretl-2020e/lib/src/gretl_paths.c:2694:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char testname[FILENAME_MAX];
data/gretl-2020e/lib/src/gretl_paths.c:2739:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
		strcat(paths.gretldir, "share/gretl/");
data/gretl-2020e/lib/src/gretl_paths.c:2783:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(paths.gretldir, "/share/gretl/");
data/gretl-2020e/lib/src/gretl_paths.c:3048:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(targ, "ricardo.ecn.wfu.edu");
data/gretl-2020e/lib/src/gretl_paths.c:3060:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(targ, "C:\\Octave-3.6.4\\bin\\octave.exe");
data/gretl-2020e/lib/src/gretl_paths.c:3064:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(targ, "python.exe");
data/gretl-2020e/lib/src/gretl_paths.c:3066:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(targ, "julia.exe");
data/gretl-2020e/lib/src/gretl_paths.c:3068:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(targ, "mpiexec.exe");
data/gretl-2020e/lib/src/gretl_paths.c:3073:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(targ, "SimSun 8");
data/gretl-2020e/lib/src/gretl_paths.c:3075:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(targ, "Meiryo 8");
data/gretl-2020e/lib/src/gretl_paths.c:3077:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(targ, "verdana 8");
data/gretl-2020e/lib/src/gretl_paths.c:3139:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(targ, "ricardo.ecn.wfu.edu");
data/gretl-2020e/lib/src/gretl_paths.c:3144:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(targ, "gnuplot");
data/gretl-2020e/lib/src/gretl_paths.c:3148:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(targ, "x12a");
data/gretl-2020e/lib/src/gretl_paths.c:3154:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(targ, "tramo");
data/gretl-2020e/lib/src/gretl_paths.c:3173:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(paths.pypath, "python");
data/gretl-2020e/lib/src/gretl_paths.c:3175:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(paths.jlpath, "julia");
data/gretl-2020e/lib/src/gretl_paths.c:3178:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(paths.mpiexec, "/opt/openmpi/bin/mpiexec");
data/gretl-2020e/lib/src/gretl_paths.c:3180:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(paths.mpiexec, "mpiexec");
data/gretl-2020e/lib/src/gretl_paths.c:3186:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(targ, "Sans 10"); /* was 13, why? */
data/gretl-2020e/lib/src/gretl_paths.c:3189:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(targ, "NSimSun 10");
data/gretl-2020e/lib/src/gretl_paths.c:3191:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(targ, "Vera 9");
data/gretl-2020e/lib/src/gretl_paths.c:3359:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp[FILENAME_MAX];
data/gretl-2020e/lib/src/gretl_paths.c:3397:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fullname[FILENAME_MAX];
data/gretl-2020e/lib/src/gretl_paths.c:3413:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp[FILENAME_MAX];
data/gretl-2020e/lib/src/gretl_paths.c:3414:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char split[3] = "/";
data/gretl-2020e/lib/src/gretl_paths.c:3415:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char slash[2] = "/";
data/gretl-2020e/lib/src/gretl_paths.c:3435:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(split, "\\/");
data/gretl-2020e/lib/src/gretl_paths.c:3567:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char cstr[2][8];
data/gretl-2020e/lib/src/gretl_paths.c:3611:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[MAXLEN], key[32], val[MAXLEN];
data/gretl-2020e/lib/src/gretl_paths.c:3725:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(rcfile, ".gretl2rc");
data/gretl-2020e/lib/src/gretl_paths.c:3738:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char rcfile[FILENAME_MAX];
data/gretl-2020e/lib/src/gretl_paths.c:3739:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char dbproxy[PROXLEN] = {0};
data/gretl-2020e/lib/src/gretl_paths.c:3790:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char suppdir[FILENAME_MAX];
data/gretl-2020e/lib/src/gretl_paths.c:3809:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(p, "data");
data/gretl-2020e/lib/src/gretl_paths.c:3813:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(p, "db");
data/gretl-2020e/lib/src/gretl_paths.c:3882:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char path[FILENAME_MAX];
data/gretl-2020e/lib/src/gretl_paths.h:53:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char gretldir[MAXLEN];
data/gretl-2020e/lib/src/gretl_paths.h:54:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char workdir[MAXLEN];
data/gretl-2020e/lib/src/gretl_paths.h:56:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char gnuplot[MAXLEN];
data/gretl-2020e/lib/src/gretl_paths.h:58:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char x12a[MAXLEN];
data/gretl-2020e/lib/src/gretl_paths.h:59:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tramo[MAXLEN];
data/gretl-2020e/lib/src/gretl_paths.h:60:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char rbinpath[MAXLEN];
data/gretl-2020e/lib/src/gretl_paths.h:61:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char rlibpath[MAXLEN];
data/gretl-2020e/lib/src/gretl_paths.h:62:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char oxlpath[MAXLEN];
data/gretl-2020e/lib/src/gretl_paths.h:63:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char octpath[MAXLEN];
data/gretl-2020e/lib/src/gretl_paths.h:64:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char statapath[MAXLEN];
data/gretl-2020e/lib/src/gretl_paths.h:65:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char pypath[MAXLEN];
data/gretl-2020e/lib/src/gretl_paths.h:66:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char jlpath[MAXLEN];
data/gretl-2020e/lib/src/gretl_paths.h:67:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char mpiexec[MAXLEN];
data/gretl-2020e/lib/src/gretl_paths.h:68:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char mpi_hosts[MAXLEN];
data/gretl-2020e/lib/src/gretl_paths.h:69:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char dbhost[64];
data/gretl-2020e/lib/src/gretl_paths.h:70:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char pngfont[128];
data/gretl-2020e/lib/src/gretl_plot.c:143:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(literal, "{ ");
data/gretl-2020e/lib/src/gretl_plot.c:146:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
		strcat(literal, "; ");
data/gretl-2020e/lib/src/gretl_plot.c:469:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char field[256];
data/gretl-2020e/lib/src/gretl_prn.c:674:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char line[128];
data/gretl-2020e/lib/src/gretl_prn.c:865:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char test[4];
data/gretl-2020e/lib/src/gretl_prn.c:867:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(test, "%.1f", 1.0);
data/gretl-2020e/lib/src/gretl_prn.c:1251:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char s[2] = {c, '\0'};
data/gretl-2020e/lib/src/gretl_restrict.c:844:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char s1[VNAMELEN] = {0};
data/gretl-2020e/lib/src/gretl_restrict.c:845:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char s2[VNAMELEN] = {0};
data/gretl-2020e/lib/src/gretl_restrict.c:1000:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char tmp[VNAMELEN];
data/gretl-2020e/lib/src/gretl_restrict.c:1020:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char test[VNAMELEN];
data/gretl-2020e/lib/src/gretl_restrict.c:1252:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char letter, vname[VNAMELEN];
data/gretl-2020e/lib/src/gretl_restrict.c:1617:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char mname[VNAMELEN];
data/gretl-2020e/lib/src/gretl_restrict.c:1672:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fname[FN_NAMELEN];
data/gretl-2020e/lib/src/gretl_restrict.c:1777:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char chunk[36];
data/gretl-2020e/lib/src/gretl_restrict.c:2718:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fncall[64];
data/gretl-2020e/lib/src/gretl_restrict.c:2929:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[MAXLEN];
data/gretl-2020e/lib/src/gretl_restrict.c:2930:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char bstr[36];
data/gretl-2020e/lib/src/gretl_restrict.c:2964:6:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	    strcat(line, " + ");
data/gretl-2020e/lib/src/gretl_restrict.c:2966:6:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	    strcat(line, " = 0");
data/gretl-2020e/lib/src/gretl_string_table.c:605:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		dset->Z[i][t] = (double) atoi(s);
data/gretl-2020e/lib/src/gretl_string_table.c:634:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char stname[MAXLEN];
data/gretl-2020e/lib/src/gretl_string_table.c:657:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(stname, "string_table.txt");
data/gretl-2020e/lib/src/gretl_string_table.c:835:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[VNAMELEN];
data/gretl-2020e/lib/src/gretl_string_table.c:1057:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char datestr[OBSLEN] = {0};
data/gretl-2020e/lib/src/gretl_string_table.c:1096:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fullname[FILENAME_MAX];
data/gretl-2020e/lib/src/gretl_string_table.c:1213:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char sname[VNAMELEN];
data/gretl-2020e/lib/src/gretl_untar.c:34:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[100];		/*   0 */
data/gretl-2020e/lib/src/gretl_untar.c:35:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char mode[8];               /* 100 */
data/gretl-2020e/lib/src/gretl_untar.c:36:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char uid[8];                /* 108 */
data/gretl-2020e/lib/src/gretl_untar.c:37:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char gid[8];                /* 116 */
data/gretl-2020e/lib/src/gretl_untar.c:38:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char size[12];		/* 124 */
data/gretl-2020e/lib/src/gretl_untar.c:39:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char mtime[12];		/* 136 */
data/gretl-2020e/lib/src/gretl_untar.c:40:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char chksum[8];		/* 148 */
data/gretl-2020e/lib/src/gretl_untar.c:42:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char linkname[100];		/* 157 */
data/gretl-2020e/lib/src/gretl_untar.c:43:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char magic[6];		/* 257 */
data/gretl-2020e/lib/src/gretl_untar.c:44:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char version[2];		/* 263 */
data/gretl-2020e/lib/src/gretl_untar.c:45:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char uname[32];		/* 265 */
data/gretl-2020e/lib/src/gretl_untar.c:46:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char gname[32];		/* 297 */
data/gretl-2020e/lib/src/gretl_untar.c:47:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char devmajor[8];		/* 329 */
data/gretl-2020e/lib/src/gretl_untar.c:48:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char devminor[8];		/* 337 */
data/gretl-2020e/lib/src/gretl_untar.c:49:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char prefix[155];		/* 345 */
data/gretl-2020e/lib/src/gretl_untar.c:53:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[BLOCKSIZE];
data/gretl-2020e/lib/src/gretl_untar.c:88:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fname[BLOCKSIZE];
data/gretl-2020e/lib/src/gretl_utils.c:839:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fmt[18];
data/gretl-2020e/lib/src/gretl_utils.c:842:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(fmt, "%%d%c%%0%dd", sep, minlen);
data/gretl-2020e/lib/src/gretl_utils.c:845:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(obs, "%d%c%d", maj, sep, min);
data/gretl-2020e/lib/src/gretl_utils.c:987:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char stobs[OBSLEN];
data/gretl-2020e/lib/src/gretl_utils.c:1035:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	sd0 = (double) atoi(stobs);
data/gretl-2020e/lib/src/gretl_utils.c:1051:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(stobs, "%d", maj);
data/gretl-2020e/lib/src/gretl_utils.c:1470:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    if (atoi(version) >= 2015) {
data/gretl-2020e/lib/src/gretl_utils.c:1553:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(targ, "%d%c", y, c);
data/gretl-2020e/lib/src/gretl_utils.c:1566:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(targ, "%d.%d.%d", x, y, z);
data/gretl-2020e/lib/src/gretl_utils.c:1654:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(targ, src, sz);
data/gretl-2020e/lib/src/gretl_utils.c:1955:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[8192];
data/gretl-2020e/lib/src/gretl_utils.c:1987:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *p, pkgname[FN_NAMELEN+4];
data/gretl-2020e/lib/src/gretl_utils.c:2164:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char OB_core[32];
data/gretl-2020e/lib/src/gretl_utils.c:2165:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char OB_parallel[12];
data/gretl-2020e/lib/src/gretl_utils.c:2171:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char found[4] = {0};
data/gretl-2020e/lib/src/gretl_utils.c:2172:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[512];
data/gretl-2020e/lib/src/gretl_utils.c:2289:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(OB_parallel, "none");
data/gretl-2020e/lib/src/gretl_utils.c:2291:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(OB_parallel, "pthreads");
data/gretl-2020e/lib/src/gretl_utils.c:2293:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(OB_parallel, "OpenMP");
data/gretl-2020e/lib/src/gretl_utils.c:3041:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[GRETL_ZBUFSIZ];
data/gretl-2020e/lib/src/gretl_utils.c:3069:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[GRETL_ZBUFSIZ];
data/gretl-2020e/lib/src/gretl_win32.c:135:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char netfile[FILENAME_MAX];
data/gretl-2020e/lib/src/gretl_win32.c:146:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(netfile, "gretlnet.txt");
data/gretl-2020e/lib/src/gretl_win32.c:198:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char dbproxy[64] = {0};
data/gretl-2020e/lib/src/gretl_win32.c:777:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char buf[BUFSIZE];
data/gretl-2020e/lib/src/gretl_win32.c:1295:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char version[8], path[32];
data/gretl-2020e/lib/src/gretl_win32.c:1317:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(s, "R.exe");
data/gretl-2020e/lib/src/gretl_win32.c:1319:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(s, "Rgui.exe");
data/gretl-2020e/lib/src/gretl_win32.c:1321:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(s, "Rterm.exe");
data/gretl-2020e/lib/src/gretl_win32.c:1323:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(s, "R.dll");
data/gretl-2020e/lib/src/gretl_win32.c:1353:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(s, "\\bin\\");
data/gretl-2020e/lib/src/gretl_win32.c:1401:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp[MAXLEN];
data/gretl-2020e/lib/src/gretl_win32.c:1657:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[6];
data/gretl-2020e/lib/src/gretl_win32.c:1916:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char test[5] = {0};
data/gretl-2020e/lib/src/gretl_win32.c:1937:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char test[5];
data/gretl-2020e/lib/src/gretl_win32.c:2080:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char console_charset[16] = {0};
data/gretl-2020e/lib/src/gretl_win32.c:2082:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(console_charset, "CP%d", (int) CP);
data/gretl-2020e/lib/src/gretl_www.c:54:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char dbhost[DBHLEN]       = "ricardo.ecn.wfu.edu";
data/gretl-2020e/lib/src/gretl_www.c:55:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char gretlhost[DBHLEN]    = "ricardo.ecn.wfu.edu";
data/gretl-2020e/lib/src/gretl_www.c:56:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char datacgi[DBHLEN]      = "/gretl/cgi-bin/gretldata.cgi";
data/gretl-2020e/lib/src/gretl_www.c:57:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char updatecgi[DBHLEN]    = "/cgi-bin/gretl_update.cgi";
data/gretl-2020e/lib/src/gretl_www.c:58:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char manual_path[DBHLEN]  = "/project/gretl/manual/";
data/gretl-2020e/lib/src/gretl_www.c:59:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char dataset_path[DBHLEN] = "/project/gretl/datafiles/";
data/gretl-2020e/lib/src/gretl_www.c:60:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char datapkg_list[DBHLEN] = "/addons-data/datapkgs.txt";
data/gretl-2020e/lib/src/gretl_www.c:63:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char dbserver[DBHLEN]     = "gretl.sourceforge.net";
data/gretl-2020e/lib/src/gretl_www.c:64:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char dbcgi[DBHLEN]        = "/cgi-bin/gretldata.cgi";
data/gretl-2020e/lib/src/gretl_www.c:66:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char dbserver[DBHLEN]     = "ricardo.ecn.wfu.edu";
data/gretl-2020e/lib/src/gretl_www.c:70:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char proxyhost[128];
data/gretl-2020e/lib/src/gretl_www.c:72:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char sffiles[DBHLEN] = "downloads.sourceforge.net";
data/gretl-2020e/lib/src/gretl_www.c:73:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char sfweb[DBHLEN]   = "gretl.sourceforge.net";
data/gretl-2020e/lib/src/gretl_www.c:76:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char certs_path[MAXLEN];
data/gretl-2020e/lib/src/gretl_www.c:84:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char url[URLLEN];        /* the URL */
data/gretl-2020e/lib/src/gretl_www.c:92:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char agent[32];          /* user-agent string */
data/gretl-2020e/lib/src/gretl_www.c:273:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(u->getbuf + u->datalen, buf, bgot);
data/gretl-2020e/lib/src/gretl_www.c:356:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(u->url, "?opt=");
data/gretl-2020e/lib/src/gretl_www.c:362:6:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	    strcat(u->url, "&fname=");
data/gretl-2020e/lib/src/gretl_www.c:364:6:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	    strcat(u->url, "&dbase=");
data/gretl-2020e/lib/src/gretl_www.c:370:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(u->url, "&series=");
data/gretl-2020e/lib/src/gretl_www.c:375:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fstr[12];
data/gretl-2020e/lib/src/gretl_www.c:377:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(fstr, "%d", filter);
data/gretl-2020e/lib/src/gretl_www.c:378:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(u->url, "&filter=");
data/gretl-2020e/lib/src/gretl_www.c:405:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(certs_path, "c:/msys64/mingw64/share/curl/curl-ca-bundle.crt");
data/gretl-2020e/lib/src/gretl_www.c:692:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(u.url, "?opt=MANUAL_QUERY");
data/gretl-2020e/lib/src/gretl_www.c:694:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(u.url, "?opt=QUERY");
data/gretl-2020e/lib/src/gretl_www.c:716:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char sizestr[32];
data/gretl-2020e/lib/src/gretl_www.c:757:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(sizestr, "%d", (int) buflen);
data/gretl-2020e/lib/src/gretl_www.c:820:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(buf, ul->data, ul->length);
data/gretl-2020e/lib/src/gretl_www.c:824:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(buf, ul->data, bufmax);
data/gretl-2020e/lib/src/gretl_www.c:1000:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char buf[128] = {0};
data/gretl-2020e/lib/src/gretl_www.c:1090:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char tmp[64];
data/gretl-2020e/lib/src/gretl_www.c:1106:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *p, pkgdir[16];
data/gretl-2020e/lib/src/gretl_www.c:1362:8:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	mem = memcpy(mem + out->written, buf, sz);
data/gretl-2020e/lib/src/gretl_xml.c:67:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char buf[BUFLEN];
data/gretl-2020e/lib/src/gretl_xml.c:88:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE *fp = fopen(fname, "r");
data/gretl-2020e/lib/src/gretl_xml.c:731:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	*u = (unsigned char) atoi((const char *) tmp);
data/gretl-2020e/lib/src/gretl_xml.c:863:7:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	*i = atoi((const char *) tmp);
data/gretl-2020e/lib/src/gretl_xml.c:1149:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    n = atoi((const char *) tmp);
data/gretl-2020e/lib/src/gretl_xml.c:1418:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    n = atoi((const char *) tmp);
data/gretl-2020e/lib/src/gretl_xml.c:1747:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		mask[i] = atoi(s);
data/gretl-2020e/lib/src/gretl_xml.c:1785:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char datname[MAXLEN];
data/gretl-2020e/lib/src/gretl_xml.c:1955:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char header[BIN_HDRLEN] = {0};
data/gretl-2020e/lib/src/gretl_xml.c:1959:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(header, "gretl-bin:little-endian");
data/gretl-2020e/lib/src/gretl_xml.c:1961:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(header, "gretl-bin:big-endian");
data/gretl-2020e/lib/src/gretl_xml.c:2071:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char hdr[BIN_HDRLEN] = {0};
data/gretl-2020e/lib/src/gretl_xml.c:2185:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char s[32];
data/gretl-2020e/lib/src/gretl_xml.c:2191:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(s, "% .14e", x[t]);
data/gretl-2020e/lib/src/gretl_xml.c:2268:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(x, dset->Z[v] + dset->t1, ss->sz);
data/gretl-2020e/lib/src/gretl_xml.c:2305:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(dset->Z[v] + dset->t1, x, ss->sz);
data/gretl-2020e/lib/src/gretl_xml.c:2321:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char startdate[OBSLEN], enddate[OBSLEN];
data/gretl-2020e/lib/src/gretl_xml.c:2322:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char datname[MAXLEN], freqstr[32];
data/gretl-2020e/lib/src/gretl_xml.c:2323:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char numstr[128], xmlbuf[1024];
data/gretl-2020e/lib/src/gretl_xml.c:2409:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(xmlbuf, "unknown");
data/gretl-2020e/lib/src/gretl_xml.c:2413:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(freqstr, "special:%d", dset->pd);
data/gretl-2020e/lib/src/gretl_xml.c:2415:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(freqstr, "%d", dset->pd);
data/gretl-2020e/lib/src/gretl_xml.c:2611:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(numstr, "NA ");
data/gretl-2020e/lib/src/gretl_xml.c:2614:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(numstr, "%.*g ", gdt_digits, dset->Z[v][t]);
data/gretl-2020e/lib/src/gretl_xml.c:2616:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(numstr, "%.15g ", dset->Z[v][t]);
data/gretl-2020e/lib/src/gretl_xml.c:2624:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(numstr, "%d %d ", unit, time);
data/gretl-2020e/lib/src/gretl_xml.c:2726:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char xmlfile[FILENAME_MAX];
data/gretl-2020e/lib/src/gretl_xml.c:2857:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		series_set_lag(dset, i, atoi((char *) tmp));
data/gretl-2020e/lib/src/gretl_xml.c:2888:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		int mpd = atoi((char *) tmp);
data/gretl-2020e/lib/src/gretl_xml.c:2897:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		int mpc = atoi((char *) tmp);
data/gretl-2020e/lib/src/gretl_xml.c:2906:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		int opd = atoi((char *) tmp);
data/gretl-2020e/lib/src/gretl_xml.c:3029:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		series_set_lag(dset, k, atoi((char *) tmp));
data/gretl-2020e/lib/src/gretl_xml.c:3053:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		int mpd = atoi((char *) tmp);
data/gretl-2020e/lib/src/gretl_xml.c:3062:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		int mpf = atoi((char *) tmp);
data/gretl-2020e/lib/src/gretl_xml.c:3203:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(dset->endobs, "%d", dset->n);
data/gretl-2020e/lib/src/gretl_xml.c:3355:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(dset->endobs, "%d", dset->n);
data/gretl-2020e/lib/src/gretl_xml.c:3551:7:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	pd = atoi((const char *) tmp);
data/gretl-2020e/lib/src/gretl_xml.c:3652:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char obstr[OBSLEN];
data/gretl-2020e/lib/src/gretl_xml.c:3702:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char obstr[OBSLEN];
data/gretl-2020e/lib/src/gretl_xml.c:3763:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char pm, fmt[20], vname[VNAMELEN];
data/gretl-2020e/lib/src/gretl_xml.c:3770:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(fmt, "= %%%d[^(](t %%c %%d)", VNAMELEN - 1);
data/gretl-2020e/lib/src/gretl_xml.c:3783:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char vname[VNAMELEN];
data/gretl-2020e/lib/src/gretl_xml.c:3851:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(dset->varname[1], "index");
data/gretl-2020e/lib/src/gretl_xml.c:4418:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char xmlfile[FILENAME_MAX];
data/gretl-2020e/lib/src/gretl_xml.c:4466:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char xmlfile[FILENAME_MAX];
data/gretl-2020e/lib/src/gretl_xml.c:4517:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char xmlfile[FILENAME_MAX];
data/gretl-2020e/lib/src/gretl_zip.c:219:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fullname[FILENAME_MAX];
data/gretl-2020e/lib/src/gretl_zip.c:595:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char pkgbase[FILENAME_MAX];
data/gretl-2020e/lib/src/interact.c:118:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp[MAXLINE];
data/gretl-2020e/lib/src/interact.c:211:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char word[VNAMELEN] = {0};
data/gretl-2020e/lib/src/interact.c:212:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fmt[20];
data/gretl-2020e/lib/src/interact.c:214:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(fmt, "%%%d[^[ .+*/%%^~|=-]", VNAMELEN - 1);
data/gretl-2020e/lib/src/interact.c:363:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char shellnam[40];
data/gretl-2020e/lib/src/interact.c:487:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp[SAFELEN];
data/gretl-2020e/lib/src/interact.c:595:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[TESTLEN];
data/gretl-2020e/lib/src/interact.c:852:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[TESTLEN];
data/gretl-2020e/lib/src/interact.c:1075:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char savename[MAXLEN];
data/gretl-2020e/lib/src/interact.c:1169:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char outname[FILENAME_MAX];
data/gretl-2020e/lib/src/interact.c:1271:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char path[MAXLEN];
data/gretl-2020e/lib/src/interact.c:1458:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp[MAXLINE];
data/gretl-2020e/lib/src/interact.c:1612:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char vname[VNAMELEN];
data/gretl-2020e/lib/src/interact.c:1873:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		midas_pd = atoi(param);
data/gretl-2020e/lib/src/interact.c:2308:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char genline[64];
data/gretl-2020e/lib/src/interact.c:2478:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fname[FILENAME_MAX];
data/gretl-2020e/lib/src/interact.c:3046:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char readfile[MAXLEN];
data/gretl-2020e/lib/src/kalman.c:1558:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char test[VNAMELEN+1];
data/gretl-2020e/lib/src/kalman.c:3909:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char *kalman_output_matrix_names[K_N_OUTPUTS] = {
data/gretl-2020e/lib/src/kalman.c:3948:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char *kalman_output_scalar_names[K_N_SCALARS] = {
data/gretl-2020e/lib/src/laginfo.c:368:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp[32];
data/gretl-2020e/lib/src/libglue.c:283:7:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	p0 = atoi(param);
data/gretl-2020e/lib/src/libglue.c:597:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fname[FILENAME_MAX];
data/gretl-2020e/lib/src/libglue.c:672:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    c = atoi(S[i]);
data/gretl-2020e/lib/src/libgretl.h:307:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char stobs[OBSLEN];  /* string representation of starting obs (date) */
data/gretl-2020e/lib/src/libgretl.h:308:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char endobs[OBSLEN]; /* string representation of ending obs */
data/gretl-2020e/lib/src/libset.c:127:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char csv_write_na[8];       /* representation of NA in CSV output */
data/gretl-2020e/lib/src/libset.c:128:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char csv_read_na[8];        /* representation of NA in CSV input */
data/gretl-2020e/lib/src/libset.c:534:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	FILE *fp = fopen("/sys/devices/system/cpu/smt/active", "r");
data/gretl-2020e/lib/src/libset.c:535:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char line[2];
data/gretl-2020e/lib/src/libset.c:540:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		smt = atoi(line);
data/gretl-2020e/lib/src/libset.c:634:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    omp_n_threads = atoi(s);
data/gretl-2020e/lib/src/libset.c:700:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(sv->csv_write_na, "NA");
data/gretl-2020e/lib/src/libset.c:701:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(sv->csv_read_na, "default");
data/gretl-2020e/lib/src/libset.c:810:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    b = atoi(s);
data/gretl-2020e/lib/src/libset.c:927:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char lagstr[6];
data/gretl-2020e/lib/src/libset.c:929:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(lagstr, "%d", state->ropts.user_lag);
data/gretl-2020e/lib/src/libset.c:1234:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    state->max_verbose = atoi(val);
data/gretl-2020e/lib/src/libset.c:1468:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char workdir[MAXLEN];
data/gretl-2020e/lib/src/libset.c:1503:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char d[2];
data/gretl-2020e/lib/src/libset.c:1513:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(d, "%c", c);
data/gretl-2020e/lib/src/libset.c:1925:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		return set_gretl_digits(atoi(setarg));
data/gretl-2020e/lib/src/libset.c:2978:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int k = atoi(s);
data/gretl-2020e/lib/src/libset.c:3048:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fullname[FILENAME_MAX];
data/gretl-2020e/lib/src/libset.c:3059:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char setobj[32], setarg[32], line[1024];
data/gretl-2020e/lib/src/matrix_extra.c:811:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(targ, "v%d", i);
data/gretl-2020e/lib/src/matrix_extra.c:835:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(dset->varname[i], "v%d", i);
data/gretl-2020e/lib/src/matrix_extra.c:925:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(dset->Z[i], src, T * sizeof *src);
data/gretl-2020e/lib/src/matrix_extra.c:930:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(dset->varname[i], "%d", col + 1);
data/gretl-2020e/lib/src/matrix_extra.c:932:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(dset->varname[i], "v%d", i);
data/gretl-2020e/lib/src/matrix_extra.c:934:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(dset->varname[i], "col%d", col + 1);
data/gretl-2020e/lib/src/matrix_extra.c:1112:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *p, test[16] = {0};
data/gretl-2020e/lib/src/matrix_extra.c:1164:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char header[20] = {0};
data/gretl-2020e/lib/src/matrix_extra.c:1226:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char test[3] = {0};
data/gretl-2020e/lib/src/matrix_extra.c:1261:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fullname[FILENAME_MAX];
data/gretl-2020e/lib/src/matrix_extra.c:1283:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[FILENAME_MAX];
data/gretl-2020e/lib/src/matrix_extra.c:1457:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char targ[FILENAME_MAX];
data/gretl-2020e/lib/src/matrix_extra.c:1592:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(s, "nan");
data/gretl-2020e/lib/src/matrix_extra.c:1596:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(s, "%#.5g", x);
data/gretl-2020e/lib/src/matrix_extra.c:1623:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char s[24];
data/gretl-2020e/lib/src/matrix_extra.c:1628:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(s, "%g", m->val[i]);
data/gretl-2020e/lib/src/matrix_extra.c:1664:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char numstr[32];
data/gretl-2020e/lib/src/matrix_extra.c:1665:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char obs[OBSLEN];
data/gretl-2020e/lib/src/matrix_extra.c:1771:7:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		    strcpy(numstr, "nan");
data/gretl-2020e/lib/src/matrix_extra.c:1773:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		    sprintf(numstr, "%g", x);
data/gretl-2020e/lib/src/matrix_extra.c:1859:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char wtest[32];
data/gretl-2020e/lib/src/matrix_extra.c:2073:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char full[64] = {0};
data/gretl-2020e/lib/src/matrix_extra.c:2077:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(full + strlen(full), " (%p)", (void *) m);
data/gretl-2020e/lib/src/matrix_extra.c:2079:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(full, " (%p)", (void *) m);
data/gretl-2020e/lib/src/modelprint.c:125:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(s, "NA");
data/gretl-2020e/lib/src/modelprint.c:127:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[32];
data/gretl-2020e/lib/src/modelprint.c:131:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(tmp, "%.*g", d, -x);
data/gretl-2020e/lib/src/modelprint.c:134:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(s, "%.*g", d, x);
data/gretl-2020e/lib/src/modelprint.c:146:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp1[32], tmp2[32];
data/gretl-2020e/lib/src/modelprint.c:429:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char numstr[32];
data/gretl-2020e/lib/src/modelprint.c:541:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char x1[32], x2[32];
data/gretl-2020e/lib/src/modelprint.c:760:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char xstr[32];
data/gretl-2020e/lib/src/modelprint.c:1233:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char x1str[32];
data/gretl-2020e/lib/src/modelprint.c:1247:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char x1str[32];
data/gretl-2020e/lib/src/modelprint.c:1328:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char vname[VNAMELEN];
data/gretl-2020e/lib/src/modelprint.c:1593:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp[14];
data/gretl-2020e/lib/src/modelprint.c:1597:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char myvar[24];
data/gretl-2020e/lib/src/modelprint.c:1611:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char vnesc[32];
data/gretl-2020e/lib/src/modelprint.c:1745:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char vname[64];
data/gretl-2020e/lib/src/modelprint.c:1750:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[32];
data/gretl-2020e/lib/src/modelprint.c:1756:6:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	    strcat(vname, "(1-L)");
data/gretl-2020e/lib/src/modelprint.c:1758:6:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	    strcat(vname, "(1-L)^2");
data/gretl-2020e/lib/src/modelprint.c:1761:6:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	    strcat(vname, "(1-L^s)");
data/gretl-2020e/lib/src/modelprint.c:1763:6:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	    strcat(vname, "(1-L^s)^2");
data/gretl-2020e/lib/src/modelprint.c:1772:6:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	    strcat(vname, "(1-L)");
data/gretl-2020e/lib/src/modelprint.c:1774:6:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	    strcat(vname, "(1-L)^2");
data/gretl-2020e/lib/src/modelprint.c:1777:6:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	    strcat(vname, "(1-Ls)");
data/gretl-2020e/lib/src/modelprint.c:1779:6:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	    strcat(vname, "(1-Ls)^2");
data/gretl-2020e/lib/src/modelprint.c:1920:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(targ, "--");
data/gretl-2020e/lib/src/modelprint.c:1963:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char startdate[OBSLEN], enddate[OBSLEN];
data/gretl-2020e/lib/src/modelprint.c:1964:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char vname[48], datesep[4];
data/gretl-2020e/lib/src/modelprint.c:2028:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char modname[32];
data/gretl-2020e/lib/src/modelprint.c:2465:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	const char *cols[6] = { NULL };
data/gretl-2020e/lib/src/modelprint.c:2677:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char jllstr[64];
data/gretl-2020e/lib/src/modelprint.c:2678:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char xstr[32];
data/gretl-2020e/lib/src/modelprint.c:2716:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char txt_fmt[48];     /* format for plain text output */
data/gretl-2020e/lib/src/modelprint.c:2778:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(s, "NA");
data/gretl-2020e/lib/src/modelprint.c:2780:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(s, "%.15g", x);
data/gretl-2020e/lib/src/modelprint.c:2800:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(s, "$-$");
data/gretl-2020e/lib/src/modelprint.c:2819:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp[16];
data/gretl-2020e/lib/src/modelprint.c:2822:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(s, "%9d", (int) x);
data/gretl-2020e/lib/src/modelprint.c:2833:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(s, "%9.6f", x);
data/gretl-2020e/lib/src/modelprint.c:2842:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(tmp, "%.0f", ax);
data/gretl-2020e/lib/src/modelprint.c:2846:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(tmp, "%#.3g", ax);
data/gretl-2020e/lib/src/modelprint.c:2849:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(tmp, "%8.6f", ax);
data/gretl-2020e/lib/src/modelprint.c:2854:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(tmp, "%#.2g", ax);
data/gretl-2020e/lib/src/modelprint.c:2858:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(tmp, "%8.6f", ax);
data/gretl-2020e/lib/src/modelprint.c:2864:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(tmp, "%8.*f", 8 - ldig - 1, ax);
data/gretl-2020e/lib/src/modelprint.c:2879:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(s, " NA");
data/gretl-2020e/lib/src/modelprint.c:2884:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(s, "$-$%.15E", -x);
data/gretl-2020e/lib/src/modelprint.c:2886:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(s, "%.15E", x);
data/gretl-2020e/lib/src/modelprint.c:2890:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char tmp[8];
data/gretl-2020e/lib/src/modelprint.c:2897:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(s, "−%.15E", -x);
data/gretl-2020e/lib/src/modelprint.c:2899:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(s, "% .15E", x);
data/gretl-2020e/lib/src/modelprint.c:2902:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(s, "% .15E", x);
data/gretl-2020e/lib/src/modelprint.c:2932:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char x1[48], x2[48];
data/gretl-2020e/lib/src/modelprint.c:3059:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char teststr[32];
data/gretl-2020e/lib/src/modelprint.c:3145:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(teststr, "$F(%d, %d)$", pmod->dfn, dfd);
data/gretl-2020e/lib/src/modelprint.c:3150:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(teststr, "F(%d, %d)", pmod->dfn, dfd);
data/gretl-2020e/lib/src/modelprint.c:3384:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char test[4];
data/gretl-2020e/lib/src/modelprint.c:3386:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(test, "%.1f", 1.0);
data/gretl-2020e/lib/src/modelprint.c:3610:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(str, "<%.4f", 0.0001);
data/gretl-2020e/lib/src/modelprint.c:3612:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(str, "%.4f", pval);
data/gretl-2020e/lib/src/modelprint.c:3687:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char numstr[32];
data/gretl-2020e/lib/src/modelprint.c:3692:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(numstr, "%#.*g", get_gretl_digits(), fabs(xx));
data/gretl-2020e/lib/src/modelprint.c:3696:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(numstr, "%#.*g", get_gretl_digits(), xx);
data/gretl-2020e/lib/src/modelprint.c:3755:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char pvalstr[16];
data/gretl-2020e/lib/src/modelprint.c:3936:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[48];
data/gretl-2020e/lib/src/modelprint.c:3958:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char test[16];
data/gretl-2020e/lib/src/modelprint.c:3988:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(test, "%g", gretl_vector_get(tauvec, j));
data/gretl-2020e/lib/src/modelprint.c:4058:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char test[16];
data/gretl-2020e/lib/src/modelprint.c:4102:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char s[36];
data/gretl-2020e/lib/src/modelprint.c:4109:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp[36];
data/gretl-2020e/lib/src/modelprint.c:4627:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[24];
data/gretl-2020e/lib/src/modelprint.c:4639:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(val->s, "%.1f", 1.0);
data/gretl-2020e/lib/src/modelprint.c:4903:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[NAMETRUNC];
data/gretl-2020e/lib/src/modelprint.c:4914:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char mnlsep[32];
data/gretl-2020e/lib/src/modelprint.c:4991:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(mc.name, "$\\alpha_%d$", i);
data/gretl-2020e/lib/src/modelprint.c:4993:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(mc.name, "alpha(%d)", i);
data/gretl-2020e/lib/src/modelprint.c:5007:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[24];
data/gretl-2020e/lib/src/modelprint.c:5018:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char tmp[48];
data/gretl-2020e/lib/src/modelprint.c:5099:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char ustr[32];
data/gretl-2020e/lib/src/modelprint.c:5102:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char s1[32], s2[32], s3[32], s4[32];
data/gretl-2020e/lib/src/modelprint.c:5109:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(ustr, "$\\hat{u}_{t-%d}$", arinfo->arlist[c+1]);
data/gretl-2020e/lib/src/modelprint.c:5118:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char pvalstr[16];
data/gretl-2020e/lib/src/modelprint.h:41:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[MC_NAMELEN];
data/gretl-2020e/lib/src/monte_carlo.c:124:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char vname[VNAMELEN];  /* name of (scalar) variable, if used */
data/gretl-2020e/lib/src/monte_carlo.c:168:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char idxname[VNAMELEN];
data/gretl-2020e/lib/src/monte_carlo.c:171:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char eachname[VNAMELEN];
data/gretl-2020e/lib/src/monte_carlo.c:286:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char test[64];
data/gretl-2020e/lib/src/monte_carlo.c:336:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char expr[64];
data/gretl-2020e/lib/src/monte_carlo.c:348:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char expr[64];
data/gretl-2020e/lib/src/monte_carlo.c:789:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char genline[64];
data/gretl-2020e/lib/src/monte_carlo.c:824:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	clr->val = atoi(s);
data/gretl-2020e/lib/src/monte_carlo.c:1043:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char vname[VNAMELEN];
data/gretl-2020e/lib/src/monte_carlo.c:1123:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char lfmt[16], afmt[18], vname[VNAMELEN];
data/gretl-2020e/lib/src/monte_carlo.c:1126:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(lfmt, "list %%%d[^ =]", VNAMELEN-1);
data/gretl-2020e/lib/src/monte_carlo.c:1127:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(afmt, "strings %%%d[^ =]", VNAMELEN-1);
data/gretl-2020e/lib/src/monte_carlo.c:1230:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char vn1[VNAMELEN], vn2[VNAMELEN];
data/gretl-2020e/lib/src/monte_carlo.c:1231:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fmt[16];
data/gretl-2020e/lib/src/monte_carlo.c:1234:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(fmt, "%%%d[^.]..%%%ds", VNAMELEN-1, VNAMELEN-1);
data/gretl-2020e/lib/src/monte_carlo.c:1318:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char ivar[VNAMELEN] = {0};
data/gretl-2020e/lib/src/monte_carlo.c:1497:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char vname[VNAMELEN];
data/gretl-2020e/lib/src/monte_carlo.c:2553:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char pname[VNAMELEN];
data/gretl-2020e/lib/src/monte_carlo.c:2554:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp[NAMETRUNC];
data/gretl-2020e/lib/src/monte_carlo.c:2610:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char startdate[OBSLEN], enddate[OBSLEN];
data/gretl-2020e/lib/src/monte_carlo.c:2859:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char insert[32], targ[VNAMELEN + 3] = {0};
data/gretl-2020e/lib/src/monte_carlo.c:2904:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(insert, "NA");
data/gretl-2020e/lib/src/monte_carlo.c:2906:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(insert, "%g", x);
data/gretl-2020e/lib/src/monte_carlo.c:2909:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(insert, "%d", idx);
data/gretl-2020e/lib/src/monte_carlo.c:2970:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char genline[64];
data/gretl-2020e/lib/src/nls.c:62:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[VNAMELEN];  /* name of parameter */
data/gretl-2020e/lib/src/nls.c:71:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char dname[VNAMELEN]; /* name of variable holding the derivative */
data/gretl-2020e/lib/src/nls.c:193:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(s->dset->Z[v], y, T * sizeof *y);
data/gretl-2020e/lib/src/nls.c:242:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char word[FN_NAMELEN];
data/gretl-2020e/lib/src/nls.c:277:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char formula[MAXLINE];
data/gretl-2020e/lib/src/nls.c:329:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(s->params[++j].dname, "$nl_x%d", i);
data/gretl-2020e/lib/src/nls.c:792:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char sname[VNAMELEN];
data/gretl-2020e/lib/src/nls.c:1809:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char pname[VNAMELEN];
data/gretl-2020e/lib/src/nls.c:1859:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(pname, "%d", m + 1);
data/gretl-2020e/lib/src/nls.c:1862:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		    sprintf(pname, "%.*s[%d]", n, spec->params[j].name, k + 1);
data/gretl-2020e/lib/src/nls.c:2120:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(gdset->varname[1], "gnr_y");
data/gretl-2020e/lib/src/nls.c:2128:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(gdset->varname[i+2], "gnr_x%d", i + 1);
data/gretl-2020e/lib/src/nls.c:2977:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char word[FN_NAMELEN];
data/gretl-2020e/lib/src/nls.c:3418:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(spec->fvec, spec->lvec->val, fvec_bytes);
data/gretl-2020e/lib/src/nls.c:3427:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(spec->fvec, src, fvec_bytes);
data/gretl-2020e/lib/src/nls.c:3763:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(names[i], "_b%d", i);
data/gretl-2020e/lib/src/nls.c:3916:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[MAXLEN];
data/gretl-2020e/lib/src/nls.c:3962:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[MAXLEN];
data/gretl-2020e/lib/src/nlspec.h:39:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char lhname[VNAMELEN]; /* name of LHS var in criterion function */
data/gretl-2020e/lib/src/nlspec.h:40:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char hname[VNAMELEN];  /* name of Hessian matrix, if present */
data/gretl-2020e/lib/src/objstack.c:680:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[32];
data/gretl-2020e/lib/src/objstack.c:711:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[32];
data/gretl-2020e/lib/src/objstack.c:1515:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char ret[16];
data/gretl-2020e/lib/src/objstack.c:1527:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(ret, "Hessian");
data/gretl-2020e/lib/src/objstack.c:1529:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(ret, "OPG");
data/gretl-2020e/lib/src/objstack.c:1531:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(ret, "Sandwich");
data/gretl-2020e/lib/src/options.c:1462:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	level = atoi(so->val);
data/gretl-2020e/lib/src/options.c:1489:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char s[32];
data/gretl-2020e/lib/src/options.c:1492:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(s, "%g", x);
data/gretl-2020e/lib/src/plotspec.c:1035:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cstr[8];
data/gretl-2020e/lib/src/plotspec.c:1044:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char cstr[8];
data/gretl-2020e/lib/src/plotspec.c:1246:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char src[16] = "'-'";
data/gretl-2020e/lib/src/plotspec.c:1489:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(src, "$data");
data/gretl-2020e/lib/src/plotspec.c:1651:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(spec->lines[1].title, _("loess fit, d = %d, q = %g"), d, q);
data/gretl-2020e/lib/src/plotspec.c:1664:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char x[32];
data/gretl-2020e/lib/src/plotspec.c:1676:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(x, "(%.1f*(x-%.10g)+1)", pd, x0);
data/gretl-2020e/lib/src/plotspec.c:1678:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(x, "(x-%.10g+1)", x0);
data/gretl-2020e/lib/src/plotspec.c:1699:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(formula, "%.10g + %.10g*log(x)", b[0], b[1]);
data/gretl-2020e/lib/src/plotspec.c:1715:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(title, "Y = %#.3g %c %#.3g%c", b[0],
data/gretl-2020e/lib/src/plotspec.c:1718:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(title, "Y = %#.3g %c %#.3g%c %c %#.3g%c^2", b[0],
data/gretl-2020e/lib/src/plotspec.c:1722:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(title, "Y = %#.3g %c %#.3g%c %c %#.3g%c^2 %c %#.3g%c^3",
data/gretl-2020e/lib/src/plotspec.c:1727:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(title, "Y = %#.3g %c %#.3g(1/%c)", b[0],
data/gretl-2020e/lib/src/plotspec.c:1730:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(title, "logY = %#.3g %c %#.3g%c", b[0],
data/gretl-2020e/lib/src/plotspec.c:1735:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char gstr[32];
data/gretl-2020e/lib/src/plotspec.c:1741:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(title, "Y = %#.3g %c %#.3glog(%c)", b[0],
data/gretl-2020e/lib/src/plotspec.c:2009:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[128];
data/gretl-2020e/lib/src/plotspec.c:2162:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char cstr[8];
data/gretl-2020e/lib/src/plotspec.c:2185:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char cstr[8];
data/gretl-2020e/lib/src/plotspec.h:88:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char title[MAXTITLE];          /* key or legend title */
data/gretl-2020e/lib/src/plotspec.h:89:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char formula[GP_MAXFORMULA];   /* expression to plot (rather than data) */
data/gretl-2020e/lib/src/plotspec.h:93:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char rgb[8];                   /* rgb color specification */
data/gretl-2020e/lib/src/plotspec.h:113:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char text[PLOT_LABEL_TEXT_LEN + 1]; 
data/gretl-2020e/lib/src/plotspec.h:132:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fname[MAXLEN];        /* for gui purposes */
data/gretl-2020e/lib/src/plotspec.h:142:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char xvarname[MAXDISP];    /* name of x variable */
data/gretl-2020e/lib/src/plotspec.h:143:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char yvarname[MAXDISP];    /* name of y variable */
data/gretl-2020e/lib/src/plotspec.h:144:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char titles[5][MAXTITLE];  /* main, x, y, y2, x2 */
data/gretl-2020e/lib/src/plotspec.h:148:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char timefmt[16];          /* time format, if applicable */
data/gretl-2020e/lib/src/plotspec.h:149:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char xfmt[16];             /* x-axis tic format */
data/gretl-2020e/lib/src/plotspec.h:150:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char xtics[64];            /* x-axis tic marks */
data/gretl-2020e/lib/src/plotspec.h:151:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char mxtics[4];            /* minor tics */
data/gretl-2020e/lib/src/plotspec.h:152:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char yfmt[16];             /* y-axis tic format */ 
data/gretl-2020e/lib/src/plotspec.h:153:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char ytics[64];            /* y-axis tic marks */
data/gretl-2020e/lib/src/plotspec.h:160:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char border_lc[8];         /* border line color */
data/gretl-2020e/lib/src/plugins.c:433:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char pluginpath[MAXLEN];
data/gretl-2020e/lib/src/plugins.c:533:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char pluginpath[MAXLEN];
data/gretl-2020e/lib/src/printout.c:61:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(str, "%#*.*g", d, gretl_digits, xx);
data/gretl-2020e/lib/src/printout.c:80:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char timestr[48];
data/gretl-2020e/lib/src/printout.c:162:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char timestr[48];
data/gretl-2020e/lib/src/printout.c:239:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char s[OBSLEN];
data/gretl-2020e/lib/src/printout.c:364:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char word[64];
data/gretl-2020e/lib/src/printout.c:420:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(word, "%4g", freq->midpt[k]);
data/gretl-2020e/lib/src/printout.c:456:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(word, "%#.*g", digits, x);
data/gretl-2020e/lib/src/printout.c:465:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(word, "%#.*g", digits, x);
data/gretl-2020e/lib/src/printout.c:490:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(word, "%#.*g", digits, freq->endpt[k]);
data/gretl-2020e/lib/src/printout.c:497:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(word, " %#.*g", digits, x);
data/gretl-2020e/lib/src/printout.c:499:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(word, "%#.*g", digits, x);
data/gretl-2020e/lib/src/printout.c:505:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(word, " %#.*g", digits, x);
data/gretl-2020e/lib/src/printout.c:507:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(word, "%#.*g", digits, x);
data/gretl-2020e/lib/src/printout.c:542:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char s1[9 + VNAMELEN * 2] = {0};
data/gretl-2020e/lib/src/printout.c:543:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char s2[9 + VNAMELEN * 2] = {0};
data/gretl-2020e/lib/src/printout.c:548:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(s1, "\\texttt{");
data/gretl-2020e/lib/src/printout.c:549:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(s2, "\\texttt{");
data/gretl-2020e/lib/src/printout.c:557:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
		strcat(targ, "\\_");
data/gretl-2020e/lib/src/printout.c:607:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char lbl[64];
data/gretl-2020e/lib/src/printout.c:996:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char d1[OBSLEN], d2[OBSLEN];
data/gretl-2020e/lib/src/printout.c:1153:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(targ, "NA");
data/gretl-2020e/lib/src/printout.c:1161:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(targ, "%#.3g", x);
data/gretl-2020e/lib/src/printout.c:1164:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(targ, "%.4f", x);
data/gretl-2020e/lib/src/printout.c:1171:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(targ, "%#.*g", digits, x);
data/gretl-2020e/lib/src/printout.c:1184:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[36];
data/gretl-2020e/lib/src/printout.c:1202:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char numstr[36], final[36];
data/gretl-2020e/lib/src/printout.c:1214:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(numstr, "%#.*G", digits, x);
data/gretl-2020e/lib/src/printout.c:1291:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char numstr[16];
data/gretl-2020e/lib/src/printout.c:1320:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(numstr,"(%.3f)", x);
data/gretl-2020e/lib/src/printout.c:1399:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char numstr[18];
data/gretl-2020e/lib/src/printout.c:1404:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(numstr, "%.5e", x);
data/gretl-2020e/lib/src/printout.c:1406:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(numstr, "%g", x);
data/gretl-2020e/lib/src/printout.c:1517:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char label[32];
data/gretl-2020e/lib/src/printout.c:1518:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char obs1[OBSLEN], obs2[OBSLEN];
data/gretl-2020e/lib/src/printout.c:1621:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char s[32];
data/gretl-2020e/lib/src/printout.c:1674:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char format[12];
data/gretl-2020e/lib/src/printout.c:1687:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(format, "%% #.%dg  ", gretl_digits);
data/gretl-2020e/lib/src/printout.c:1689:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(format, "%%#.%dg  ", gretl_digits);
data/gretl-2020e/lib/src/printout.c:1693:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char str[32];
data/gretl-2020e/lib/src/printout.c:1744:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char numstr[48];
data/gretl-2020e/lib/src/printout.c:1770:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(numstr, "%.*f", TEST_PLACES, xx);
data/gretl-2020e/lib/src/printout.c:1852:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char n1[32], n2[32];
data/gretl-2020e/lib/src/printout.c:1854:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(n1, "%.*G", signif, x);
data/gretl-2020e/lib/src/printout.c:1855:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(n2, "%.0f", x);
data/gretl-2020e/lib/src/printout.c:1863:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char numstr[32];
data/gretl-2020e/lib/src/printout.c:1869:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(numstr, "NaN");
data/gretl-2020e/lib/src/printout.c:1878:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(numstr, "%.*g", gprec, x);
data/gretl-2020e/lib/src/printout.c:1883:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(numstr, "%.*f", -signif, x);
data/gretl-2020e/lib/src/printout.c:1885:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(numstr, "%.0f", x);
data/gretl-2020e/lib/src/printout.c:1904:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	   sprintf(numstr, "%.0f", x);
data/gretl-2020e/lib/src/printout.c:1910:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(numstr, "%.0f", x);
data/gretl-2020e/lib/src/printout.c:1912:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(numstr, "%.*G", signif, x);
data/gretl-2020e/lib/src/printout.c:1918:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(numstr, "%.*f", signif - l, x);
data/gretl-2020e/lib/src/printout.c:1926:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(numstr, "%#.*G", signif, x); /* # wanted? */
data/gretl-2020e/lib/src/printout.c:1947:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp[OBSLEN] = {0};
data/gretl-2020e/lib/src/printout.c:2253:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char s[OBSLEN];
data/gretl-2020e/lib/src/printout.c:2255:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(s, "%d", t + 1);
data/gretl-2020e/lib/src/printout.c:2414:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[128];
data/gretl-2020e/lib/src/printout.c:2665:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char obslabel[OBSLEN];
data/gretl-2020e/lib/src/printout.c:2666:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char format[16];
data/gretl-2020e/lib/src/printout.c:2712:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(format, "%%.%df", digits);
data/gretl-2020e/lib/src/printout.c:2714:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(format, "%%#.%dg", digits);
data/gretl-2020e/lib/src/printout.c:2825:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char obs_string[OBSLEN];
data/gretl-2020e/lib/src/printout.c:2826:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[128];
data/gretl-2020e/lib/src/printout.c:3166:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char label[32];
data/gretl-2020e/lib/src/printout.c:3432:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char test[12];
data/gretl-2020e/lib/src/printscan.c:110:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    offset = atoi(++q);
data/gretl-2020e/lib/src/printscan.c:466:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		uwid = atoi(s + 1);
data/gretl-2020e/lib/src/printscan.c:476:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    uprec = atoi(p + 1);
data/gretl-2020e/lib/src/printscan.c:522:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char conv[3] = {0};
data/gretl-2020e/lib/src/printscan.c:694:7:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		if (atoi(s+1) < 15) {
data/gretl-2020e/lib/src/printscan.c:990:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	*width = atoi(p);
data/gretl-2020e/lib/src/printscan.c:1420:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char format[16] = {0};
data/gretl-2020e/lib/src/printscan.c:1421:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char args[32] = {0};
data/gretl-2020e/lib/src/pvalues.c:2995:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char test[8];
data/gretl-2020e/lib/src/pvalues.c:3712:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char numstr[32];
data/gretl-2020e/lib/src/pvalues.c:3719:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(numstr, "%g", p);
data/gretl-2020e/lib/src/pvalues.c:3893:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[MAXLEN];
data/gretl-2020e/lib/src/pvalues.c:3917:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(line, "pvalue(");
data/gretl-2020e/lib/src/qr_estimate.c:308:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(X->val + s, dset->Z[vi] + pmod->t1, sz);
data/gretl-2020e/lib/src/qr_estimate.c:1261:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(Q->val + s, dset->Z[pmod->list[i]] + pmod->t1, sz);
data/gretl-2020e/lib/src/qr_estimate.c:1265:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(y->val, dset->Z[pmod->list[1]] + pmod->t1, sz);
data/gretl-2020e/lib/src/random.c:200:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	sfmt_seed = atoi(fseed);
data/gretl-2020e/lib/src/strutils.c:443:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char screen[4];
data/gretl-2020e/lib/src/strutils.c:554:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(targ, src, n);
data/gretl-2020e/lib/src/strutils.c:583:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(targ, src, len);
data/gretl-2020e/lib/src/strutils.c:1177:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char u[2] = {0};
data/gretl-2020e/lib/src/strutils.c:2404:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *p, *test, tmp[OBSLEN];
data/gretl-2020e/lib/src/strutils.c:2547:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(p, "&amp;");
data/gretl-2020e/lib/src/strutils.c:2550:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(p, "&lt;");
data/gretl-2020e/lib/src/strutils.c:2553:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(p, "&gt;");
data/gretl-2020e/lib/src/strutils.c:2556:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(p, "&quot;");
data/gretl-2020e/lib/src/strutils.c:2619:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(targ, "&amp;");
data/gretl-2020e/lib/src/strutils.c:2622:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(targ, "&lt;");
data/gretl-2020e/lib/src/strutils.c:2625:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(targ, "&gt;");
data/gretl-2020e/lib/src/strutils.c:2628:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(targ, "&quot;");
data/gretl-2020e/lib/src/strutils.c:2692:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp[5] = {0};
data/gretl-2020e/lib/src/strutils.c:3068:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fmt[8];
data/gretl-2020e/lib/src/strutils.c:3070:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(fmt, "%%%ds", VNAMELEN-1);
data/gretl-2020e/lib/src/subsample.c:153:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(ret, src, n);
data/gretl-2020e/lib/src/subsample.c:567:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		    sprintf(fullset->S[t], "%d", t + 1);
data/gretl-2020e/lib/src/subsample.c:869:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char datestr[OBSLEN];
data/gretl-2020e/lib/src/subsample.c:992:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char formula[MAXLINE];
data/gretl-2020e/lib/src/subsample.c:1024:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char dname[VNAMELEN] = {0};
data/gretl-2020e/lib/src/subsample.c:1379:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(subset->endobs, "%d", subset->n);
data/gretl-2020e/lib/src/subsample.c:1548:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char datestr[OBSLEN];
data/gretl-2020e/lib/src/subsample.c:2040:6:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	    strcat(s, " && ");
data/gretl-2020e/lib/src/subsample.c:2043:6:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	    strcat(s, "random");
data/gretl-2020e/lib/src/subsample.c:2045:6:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	    strcat(s, "no-missing");
data/gretl-2020e/lib/src/subsample.c:2069:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char stobs[OBSLEN];
data/gretl-2020e/lib/src/subsample.c:2455:6:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	k = atoi(s);
data/gretl-2020e/lib/src/subsample.c:2477:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int sval = atoi(s);
data/gretl-2020e/lib/src/subsample.c:2810:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		    char tmp[OBSLEN];
data/gretl-2020e/lib/src/subsample.c:3105:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(str, _("time series"));
data/gretl-2020e/lib/src/subsample.c:3107:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy(str, _("panel"));
data/gretl-2020e/lib/src/subsample.c:3109:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy(str, _("undated"));
data/gretl-2020e/lib/src/subsample.c:3116:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(str, _("special"));
data/gretl-2020e/lib/src/subsample.c:3120:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(str, _("annual")); break;
data/gretl-2020e/lib/src/subsample.c:3122:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(str, _("quarterly")); break;
data/gretl-2020e/lib/src/subsample.c:3124:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(str, _("monthly")); break;
data/gretl-2020e/lib/src/subsample.c:3126:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(str, _("hourly")); break;
data/gretl-2020e/lib/src/subsample.c:3128:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(str, _("weekly")); break;
data/gretl-2020e/lib/src/subsample.c:3130:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(str, _("daily (5 days)")); break;
data/gretl-2020e/lib/src/subsample.c:3132:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(str, _("daily (6 days)")); break;
data/gretl-2020e/lib/src/subsample.c:3134:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(str, _("daily (7 days)")); break;
data/gretl-2020e/lib/src/subsample.c:3136:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(str, _("decennial")); break;
data/gretl-2020e/lib/src/subsample.c:3138:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(str, _("unknown")); break;
data/gretl-2020e/lib/src/subsample.c:3145:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char d1[OBSLEN], d2[OBSLEN];
data/gretl-2020e/lib/src/subsample.c:3156:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp[128];
data/gretl-2020e/lib/src/subsample.c:3220:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char startdate[OBSLEN], enddate[OBSLEN], tmp[MAXLEN];
data/gretl-2020e/lib/src/subsample.c:3221:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tstr[48];
data/gretl-2020e/lib/src/system.c:997:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char mstr[9];
data/gretl-2020e/lib/src/system.c:1019:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char mstr[9];
data/gretl-2020e/lib/src/system.c:2448:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char sysstr[128];
data/gretl-2020e/lib/src/system.c:2680:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char vname[VNAMELEN];
data/gretl-2020e/lib/src/system.c:3408:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char lname[16];
data/gretl-2020e/lib/src/system.c:3444:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(lname, "list%d", i+1);
data/gretl-2020e/lib/src/texprint.c:29:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char colspec[4][8];
data/gretl-2020e/lib/src/texprint.c:52:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char test[4];
data/gretl-2020e/lib/src/texprint.c:132:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char base[16], op[2], mod[8];
data/gretl-2020e/lib/src/texprint.c:214:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	return strcpy(s, "\\multicolumn{2}{c}{}");
data/gretl-2020e/lib/src/texprint.c:220:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(s, "$-$%.*f", dig, -x);
data/gretl-2020e/lib/src/texprint.c:222:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(s, "%.*f", dig, x);
data/gretl-2020e/lib/src/texprint.c:254:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[16];
data/gretl-2020e/lib/src/texprint.c:268:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	return strcpy(s, "\\multicolumn{2}{c}{}");
data/gretl-2020e/lib/src/texprint.c:274:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(s, "$-$%#.*g", d, -x);
data/gretl-2020e/lib/src/texprint.c:276:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(s, "%#.*g", d, x);
data/gretl-2020e/lib/src/texprint.c:330:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(s, "$-$%#.*g", dig, -x);
data/gretl-2020e/lib/src/texprint.c:332:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(s, "%#.*g", dig, x);
data/gretl-2020e/lib/src/texprint.c:347:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	return strcpy(s, "\\mbox{NA}");
data/gretl-2020e/lib/src/texprint.c:352:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(s, "%#.*g", dig, x);
data/gretl-2020e/lib/src/texprint.c:380:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(s, "$-$%#.*g", d, -x);
data/gretl-2020e/lib/src/texprint.c:382:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(s, "%#.*g", d, x);
data/gretl-2020e/lib/src/texprint.c:402:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char s[32];
data/gretl-2020e/lib/src/texprint.c:424:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	int lag = atoi(++p);
data/gretl-2020e/lib/src/texprint.c:426:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(cname, "$u_{t-%d}^2$", lag);
data/gretl-2020e/lib/src/texprint.c:448:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fmt[16], vname[VNAMELEN], vnesc[16];
data/gretl-2020e/lib/src/texprint.c:451:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(fmt, "%%%d[^(](%%d)", VNAMELEN - 1);
data/gretl-2020e/lib/src/texprint.c:474:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fmt[12], vname[VNAMELEN], vnesc[24];
data/gretl-2020e/lib/src/texprint.c:479:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(fmt, "%%%d[^^]^%%d", VNAMELEN - 1);
data/gretl-2020e/lib/src/texprint.c:501:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char vname[VNAMELEN], vnesc[32], texname[48];
data/gretl-2020e/lib/src/texprint.c:506:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(targ, "$\\phi_{%d}$", i);
data/gretl-2020e/lib/src/texprint.c:508:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(targ, "\\phi_{%d}", i);
data/gretl-2020e/lib/src/texprint.c:512:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(targ, "$\\Phi_{%d}$", i);
data/gretl-2020e/lib/src/texprint.c:514:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(targ, "\\Phi_{%d}", i);
data/gretl-2020e/lib/src/texprint.c:518:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(targ, "$\\theta_{%d}$", i);
data/gretl-2020e/lib/src/texprint.c:520:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(targ, "\\theta_{%d}", i);
data/gretl-2020e/lib/src/texprint.c:524:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(targ, "$\\Theta_{%d}$", i);
data/gretl-2020e/lib/src/texprint.c:526:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(targ, "\\Theta_{%d}", i);
data/gretl-2020e/lib/src/texprint.c:529:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fmt[16];
data/gretl-2020e/lib/src/texprint.c:531:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(fmt, "%%%d[^(](-%%d)", VNAMELEN - 1);
data/gretl-2020e/lib/src/texprint.c:562:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp[32], base[12];
data/gretl-2020e/lib/src/texprint.c:577:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp[32], base[12];
data/gretl-2020e/lib/src/texprint.c:591:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fmt[12];
data/gretl-2020e/lib/src/texprint.c:670:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char pname[VNAMELEN];
data/gretl-2020e/lib/src/texprint.c:702:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(numstr, "$-$%.15E", -x);
data/gretl-2020e/lib/src/texprint.c:704:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(numstr, "%.15E", x);
data/gretl-2020e/lib/src/texprint.c:708:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[8];
data/gretl-2020e/lib/src/texprint.c:719:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char col1[64], col2[64], col3[64], col4[64];
data/gretl-2020e/lib/src/texprint.c:755:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(col3, "\\multicolumn{2}{c}{}");
data/gretl-2020e/lib/src/texprint.c:766:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(col4, "\\multicolumn{2}{c}{}");
data/gretl-2020e/lib/src/texprint.c:910:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char vname[48];
data/gretl-2020e/lib/src/texprint.c:979:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char s[32];
data/gretl-2020e/lib/src/texprint.c:1137:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char tex_preamble_file[MAXLEN];
data/gretl-2020e/lib/src/texprint.c:1146:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char lstr[3] = {0};
data/gretl-2020e/lib/src/texprint.c:1157:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char test[MAXLEN];
data/gretl-2020e/lib/src/texprint.c:1186:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char localname[16];
data/gretl-2020e/lib/src/texprint.c:1251:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char line[256];
data/gretl-2020e/lib/src/texprint.c:1344:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp[48], vname[32];
data/gretl-2020e/lib/src/texprint.c:1815:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[OBSLEN];
data/gretl-2020e/lib/src/tokenize.c:626:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char strvar[VNAMELEN];
data/gretl-2020e/lib/src/tokenize.c:1238:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char optflag[OPTLEN];
data/gretl-2020e/lib/src/tokenize.c:1278:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char optflag[OPTLEN];
data/gretl-2020e/lib/src/tokenize.c:1313:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char optflag[OPTLEN];
data/gretl-2020e/lib/src/tokenize.c:1767:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char test[2] = {0};
data/gretl-2020e/lib/src/tokenize.c:1828:8:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	ret = atoi(tok->s);
data/gretl-2020e/lib/src/tokenize.c:1882:8:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	ret = atoi(tok->s);
data/gretl-2020e/lib/src/tokenize.c:2114:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(s, "option");
data/gretl-2020e/lib/src/tokenize.c:2116:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(s, "short-option");
data/gretl-2020e/lib/src/tokenize.c:2118:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(s, "quoted");
data/gretl-2020e/lib/src/tokenize.c:2120:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(s, "number");
data/gretl-2020e/lib/src/tokenize.c:2122:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(s, "integer");
data/gretl-2020e/lib/src/tokenize.c:2124:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(s, "option-leader");
data/gretl-2020e/lib/src/tokenize.c:2126:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(s, "dash");
data/gretl-2020e/lib/src/tokenize.c:2128:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(s, "dot");
data/gretl-2020e/lib/src/tokenize.c:2130:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(s, "comma");
data/gretl-2020e/lib/src/tokenize.c:2132:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(s, "separator");
data/gretl-2020e/lib/src/tokenize.c:2134:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(s, "colon");
data/gretl-2020e/lib/src/tokenize.c:2136:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(s, "double-dash");
data/gretl-2020e/lib/src/tokenize.c:2138:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(s, "double-plus");
data/gretl-2020e/lib/src/tokenize.c:2140:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(s, "double-dot");
data/gretl-2020e/lib/src/tokenize.c:2142:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(s, "equals");
data/gretl-2020e/lib/src/tokenize.c:2144:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(s, "modified-equals");
data/gretl-2020e/lib/src/tokenize.c:2146:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(s, "opt-equals");
data/gretl-2020e/lib/src/tokenize.c:2149:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(s, "quoted option-value");
data/gretl-2020e/lib/src/tokenize.c:2151:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(s, "option-value");
data/gretl-2020e/lib/src/tokenize.c:2154:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(s, "assign");
data/gretl-2020e/lib/src/tokenize.c:2156:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(s, "symbol/operator");
data/gretl-2020e/lib/src/tokenize.c:2158:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(s, "paren-delimited");
data/gretl-2020e/lib/src/tokenize.c:2160:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(s, "brace-delimited");
data/gretl-2020e/lib/src/tokenize.c:2162:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(s, "bracket-delimited");
data/gretl-2020e/lib/src/tokenize.c:2164:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(s, "$-variable");
data/gretl-2020e/lib/src/tokenize.c:2166:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(s, "eval-token");
data/gretl-2020e/lib/src/tokenize.c:2168:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(s, "regular");
data/gretl-2020e/lib/src/tokenize.c:2174:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(s, ", joined on left");
data/gretl-2020e/lib/src/tokenize.c:2178:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(s, ", ignored!");
data/gretl-2020e/lib/src/tokenize.c:2180:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(s, ", handled");
data/gretl-2020e/lib/src/tokenize.c:2182:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(s, ", not handled");
data/gretl-2020e/lib/src/tokenize.c:2215:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char desc[48];
data/gretl-2020e/lib/src/tokenize.c:2834:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char vectest[3] = {0}; /* for arima */
data/gretl-2020e/lib/src/tokenize.c:2835:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char lstr[MAXLINE];
data/gretl-2020e/lib/src/tokenize.c:3424:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tok[FN_NAMELEN];
data/gretl-2020e/lib/src/tokenize.c:3648:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	int k = atoi(s);
data/gretl-2020e/lib/src/tokenize.c:3719:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		    cmd->list[1] = atoi(s);
data/gretl-2020e/lib/src/tokenize.c:3741:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	cmd->auxint = atoi(cmd->param);
data/gretl-2020e/lib/src/tokenize.c:4036:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char word[6], *s = state->line;
data/gretl-2020e/lib/src/transforms.c:97:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(vname, "d_");
data/gretl-2020e/lib/src/transforms.c:100:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(vname, "ld_");
data/gretl-2020e/lib/src/transforms.c:103:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(vname, "sd_");
data/gretl-2020e/lib/src/transforms.c:106:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(vname, "o_");
data/gretl-2020e/lib/src/transforms.c:109:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(vname, "l_");
data/gretl-2020e/lib/src/transforms.c:112:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(vname, "sq_");
data/gretl-2020e/lib/src/transforms.c:115:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char ext[12];
data/gretl-2020e/lib/src/transforms.c:119:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(ext, "_%d", aux);
data/gretl-2020e/lib/src/transforms.c:130:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(ext, "%d", -aux);
data/gretl-2020e/lib/src/transforms.c:147:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char ext[16];
data/gretl-2020e/lib/src/transforms.c:150:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(ext, "_m%d", abs(aux));
data/gretl-2020e/lib/src/transforms.c:152:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(ext, "_%d", aux);
data/gretl-2020e/lib/src/transforms.c:158:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(vname, "i_");
data/gretl-2020e/lib/src/transforms.c:162:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(vname, "c_");
data/gretl-2020e/lib/src/transforms.c:164:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(vname, "s_");
data/gretl-2020e/lib/src/transforms.c:168:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(vname, "rs_");
data/gretl-2020e/lib/src/transforms.c:764:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char vname[VNAMELEN] = {0};
data/gretl-2020e/lib/src/transforms.c:765:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char label[MAXLABEL] = {0};
data/gretl-2020e/lib/src/transforms.c:1169:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp[16], sfx[16];
data/gretl-2020e/lib/src/transforms.c:1693:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char vname[VNAMELEN];
data/gretl-2020e/lib/src/transforms.c:1773:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char vname[VNAMELEN];
data/gretl-2020e/lib/src/transforms.c:1774:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char label[MAXLABEL];
data/gretl-2020e/lib/src/tsls.c:572:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(dset->varname[nv], "IV uhat");
data/gretl-2020e/lib/src/tsls.c:699:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(dset->varname[dset->v - 1], "Ufitvals");
data/gretl-2020e/lib/src/tsls.c:903:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(dset->varname[v1], "h_");
data/gretl-2020e/lib/src/usermat.c:764:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(xtarg, xsrc, colsize);
data/gretl-2020e/lib/src/usermat.c:802:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(ztarg, zsrc, colsize);
data/gretl-2020e/lib/src/usermat.c:863:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(M->z + ini, S->z, n * sizeof *M->z);
data/gretl-2020e/lib/src/usermat.c:865:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(M->val + ini, S->val, n * sizeof *M->val);
data/gretl-2020e/lib/src/usermat.c:1031:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		    memcpy(dest, M->z + mj * r, csize);
data/gretl-2020e/lib/src/usermat.c:1040:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		    memcpy(dest, M->val + mj * r, csize);
data/gretl-2020e/lib/src/usermat.c:1146:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(ret->z, M->z + offset, sz);
data/gretl-2020e/lib/src/usermat.c:1149:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(ret->val, M->val + offset, sz);
data/gretl-2020e/lib/src/usermat.c:1180:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[12];
data/gretl-2020e/lib/src/usermat.c:1184:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(tmp, "%d", i+1);
data/gretl-2020e/lib/src/usermat.c:1186:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(tmp, "%.*s%d", 9-m, s, i+1);
data/gretl-2020e/lib/src/uservar.c:1461:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmpname[VNAMELEN];
data/gretl-2020e/lib/src/uservar.c:1470:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(tmpname, "btmp___%d", nb);
data/gretl-2020e/lib/src/uservar.c:1725:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char bname[VNAMELEN];
data/gretl-2020e/lib/src/uservar.c:1726:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char key[VNAMELEN];
data/gretl-2020e/lib/src/uservar.c:2241:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char path[MAXLEN];
data/gretl-2020e/lib/src/uservar.c:2290:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char root_name[16];
data/gretl-2020e/lib/src/uservar.c:2291:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char path[MAXLEN];
data/gretl-2020e/lib/src/uservar_priv.h:27:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[VNAMELEN];
data/gretl-2020e/lib/src/var.c:2294:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char lagstr[12];
data/gretl-2020e/lib/src/var.c:2306:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(lagstr, "_%d", j);
data/gretl-2020e/lib/src/var.c:2309:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(params[k], "d_");
data/gretl-2020e/lib/src/var.c:2327:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(params[k++], "S%d", i);
data/gretl-2020e/lib/src/var.c:2332:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(params[k++], "time");
data/gretl-2020e/lib/src/var.c:2339:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(params[k++], "EC%d", i+1);
data/gretl-2020e/lib/src/var.c:2385:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(pmod->depvar, "d_");
data/gretl-2020e/lib/src/var.c:2931:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(v->jinfo->R0->val, R->val, n * sizeof(double));
data/gretl-2020e/lib/src/var.c:2932:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(v->jinfo->R1->val, R->val + n, m * sizeof(double));
data/gretl-2020e/lib/src/var.c:3073:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char stobs[OBSLEN], endobs[OBSLEN];
data/gretl-2020e/lib/src/var.c:3471:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	targ = atoi(s + 7) - 1;
data/gretl-2020e/lib/src/var.c:3476:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	shock = atoi(s + 8) - 1;
data/gretl-2020e/lib/src/var.c:3481:6:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	h = atoi(s + 10);
data/gretl-2020e/lib/src/varprint.c:86:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char vname[32];
data/gretl-2020e/lib/src/varprint.c:150:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char vname[32];
data/gretl-2020e/lib/src/varprint.c:591:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char s[32];
data/gretl-2020e/lib/src/varprint.c:612:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char namefmt[16];
data/gretl-2020e/lib/src/varprint.c:613:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char s[16], vname[32];
data/gretl-2020e/lib/src/varprint.c:630:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(namefmt, "%%-%ds", nwid);
data/gretl-2020e/lib/src/varprint.c:660:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(s, "(%#.5g)", x);
data/gretl-2020e/lib/src/varprint.c:713:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(s, "(%#.5g)", x);
data/gretl-2020e/lib/src/varprint.c:732:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char vname[32] = {0};
data/gretl-2020e/lib/src/varprint.c:986:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(s, _("All vars, lag %d"), maxlag);
data/gretl-2020e/lib/src/varprint.c:1012:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char startdate[OBSLEN], enddate[OBSLEN];
data/gretl-2020e/lib/src/varprint.c:1013:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char label[72];
data/gretl-2020e/lib/src/varprint.c:1122:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char Fstr[24];
data/gretl-2020e/lib/src/varprint.c:1171:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		    char tname[32];
data/gretl-2020e/lib/src/varprint.c:1185:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		    char tmp[NAMETRUNC];
data/gretl-2020e/lib/src/varprint.c:1192:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		    sprintf(Fstr, "F(%d, %d)", nlags, dfd);
data/gretl-2020e/lib/src/varprint.c:1216:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		    sprintf(label, _("All vars, lag %d"), maxlag);
data/gretl-2020e/lib/src/varprint.c:1220:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		    sprintf(Fstr, "F(%d, %d)", var->neqns, dfd);
data/gretl-2020e/lib/src/varprint.c:1238:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char h0str[64];
data/gretl-2020e/lib/src/varprint.c:1239:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char h1str[64];
data/gretl-2020e/lib/src/vartest.c:55:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char Fspec[32];
data/gretl-2020e/lib/src/vartest.c:146:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(targ, var->X->val, var->ncoeff * T * sizeof(double));
data/gretl-2020e/lib/src/vartest.c:191:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(Fspec, "F(%g, %g)", dfn, dfd);
data/gretl-2020e/minpack/lbfgsb.c:395:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(task, "ERROR: N .LE. 0");
data/gretl-2020e/minpack/lbfgsb.c:398:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(task, "ERROR: M .LE. 0");
data/gretl-2020e/minpack/lbfgsb.c:401:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(task, "ERROR: FACTR .LT. 0");
data/gretl-2020e/minpack/lbfgsb.c:406:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(task, "ERROR: INVALID NBD");
data/gretl-2020e/minpack/lbfgsb.c:412:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(task, "ERROR: NO FEASIBLE SOLUTION");
data/gretl-2020e/minpack/lbfgsb.c:1234:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(task, "ERROR: STP .LT. STPMIN");
data/gretl-2020e/minpack/lbfgsb.c:1237:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(task, "ERROR: STP .GT. STPMAX");
data/gretl-2020e/minpack/lbfgsb.c:1240:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(task, "ERROR: INITIAL G .GE. ZERO");
data/gretl-2020e/minpack/lbfgsb.c:1243:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(task, "ERROR: FTOL .LT. ZERO");
data/gretl-2020e/minpack/lbfgsb.c:1246:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(task, "ERROR: GTOL .LT. ZERO");
data/gretl-2020e/minpack/lbfgsb.c:1249:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(task, "ERROR: XTOL .LT. ZERO");
data/gretl-2020e/minpack/lbfgsb.c:1252:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(task, "ERROR: STPMIN .LT. ZERO");
data/gretl-2020e/minpack/lbfgsb.c:1255:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(task, "ERROR: STPMAX .LT. STPMIN");
data/gretl-2020e/minpack/lbfgsb.c:1275:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(task, "FG");
data/gretl-2020e/minpack/lbfgsb.c:1303:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(task, "WARNING: ROUNDING ERRORS PREVENT PROGRESS");
data/gretl-2020e/minpack/lbfgsb.c:1306:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(task, "WARNING: XTOL TEST SATISFIED");
data/gretl-2020e/minpack/lbfgsb.c:1309:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(task, "WARNING: STP = STPMAX");
data/gretl-2020e/minpack/lbfgsb.c:1312:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(task, "WARNING: STP = STPMIN");
data/gretl-2020e/minpack/lbfgsb.c:1315:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(task, "CONVERGENCE");
data/gretl-2020e/minpack/lbfgsb.c:1357:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(task, "FG");
data/gretl-2020e/minpack/lbfgsb.c:1452:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(csave, "START");
data/gretl-2020e/minpack/lbfgsb.c:1467:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(task, "FG_LNSRCH");
data/gretl-2020e/minpack/lbfgsb.c:1480:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(task, "NEW_X");
data/gretl-2020e/minpack/lbfgsb.c:1776:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char word[4];
data/gretl-2020e/minpack/lbfgsb.c:1874:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(word, "---");
data/gretl-2020e/minpack/lbfgsb.c:1940:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(task, "FG_START");
data/gretl-2020e/minpack/lbfgsb.c:1946:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(task, "CONVERGENCE: NORM_OF_PROJECTED_GRADIENT_<=_PGTOL");
data/gretl-2020e/minpack/lbfgsb.c:2046:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(task, "ABNORMAL_TERMINATION_IN_LNSRCH");
data/gretl-2020e/minpack/lbfgsb.c:2059:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(task, "RESTART_FROM_LNSRCH");
data/gretl-2020e/minpack/lbfgsb.c:2075:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(task, "CONVERGENCE: NORM_OF_PROJECTED_GRADIENT_<=_PGTOL");
data/gretl-2020e/minpack/lbfgsb.c:2081:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(task, "CONVERGENCE: REL_REDUCTION_OF_F_<=_FACTR*EPSMCH");
data/gretl-2020e/plugin/arbond.c:1723:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp[32];
data/gretl-2020e/plugin/arbond.c:1763:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(tmp, "%.10s(-%d)", dset->varname[dpd->yno],
data/gretl-2020e/plugin/arbond.c:1769:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(tmp, "%.10s(-%d)", dset->varname[dpd->yno], i+1);
data/gretl-2020e/plugin/arbond.c:1779:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(tmp, "%c%.10s(-%d)", prefix, dset->varname[dpd->yno],
data/gretl-2020e/plugin/arbond.c:1785:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(tmp, "%c%.10s(-%d)", prefix, dset->varname[dpd->yno], i+1);
data/gretl-2020e/plugin/arbond.c:1797:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(tmp, "T%d", dpd->t1min + i + 2);
data/gretl-2020e/plugin/arbond.c:1800:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(tmp, "T%d", dpd->t1min + i + 1);
data/gretl-2020e/plugin/arbond.c:2260:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char zstr[8];
data/gretl-2020e/plugin/arbond.c:2367:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(zstr, "Z_%d", i + 1);
data/gretl-2020e/plugin/arbond.c:2568:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char vname[VNAMELEN];
data/gretl-2020e/plugin/arbond.c:2569:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fmt[24];
data/gretl-2020e/plugin/arbond.c:2585:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(fmt, "%%%d[^, ] , %%d , %%d)", VNAMELEN-1);
data/gretl-2020e/plugin/arbond.c:2670:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char test[48];
data/gretl-2020e/plugin/arma.c:859:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    if (envstr != NULL && atoi(envstr) > 0) {
data/gretl-2020e/plugin/arma_init.c:570:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(aset->Z[1], y + t1, datalen);
data/gretl-2020e/plugin/arma_init.c:574:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(aset->varname[pos], "x%d", i);
data/gretl-2020e/plugin/arma_init.c:576:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(aset->Z[pos], dset->Z[xpos] + t1, datalen);
data/gretl-2020e/plugin/arma_init.c:582:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(aset->varname[pos], "y_%d", i);
data/gretl-2020e/plugin/arma_init.c:583:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(aset->Z[pos], y + t1 - i, datalen);
data/gretl-2020e/plugin/arma_init.c:591:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(aset->varname[pos], "y_%d", m);
data/gretl-2020e/plugin/arma_init.c:592:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(aset->Z[pos], y + t1 - m, datalen);
data/gretl-2020e/plugin/arma_init.c:601:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(aset->varname[pos], "y_%d", m);
data/gretl-2020e/plugin/arma_init.c:602:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(aset->Z[pos], y + t1 - m, datalen);
data/gretl-2020e/plugin/arma_init.c:612:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(aset->varname[pos], "y_%d", i);
data/gretl-2020e/plugin/arma_init.c:613:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(aset->Z[pos], y + t1 - i, datalen);
data/gretl-2020e/plugin/arma_init.c:646:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(aset->varname[pos], "e_%d", i);
data/gretl-2020e/plugin/arma_init.c:649:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(dest, src, datalen);
data/gretl-2020e/plugin/arma_init.c:655:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(aset->varname[pos], "e_%d", m);
data/gretl-2020e/plugin/arma_init.c:658:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(dest, src, datalen);
data/gretl-2020e/plugin/arma_init.c:665:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(aset->varname[pos], "e_%d", m);
data/gretl-2020e/plugin/arma_init.c:668:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(dest, src, datalen);
data/gretl-2020e/plugin/arma_init.c:849:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(aset->varname[k++], "y_%d", lag);
data/gretl-2020e/plugin/arma_init.c:851:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(aset->varname[kx++], "x%d_%d", j+1, lag);
data/gretl-2020e/plugin/arma_init.c:861:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(aset->varname[k], "y_%d", lag);
data/gretl-2020e/plugin/arma_init.c:863:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(aset->varname[kx++], "x%d_%d", i+1, lag);
data/gretl-2020e/plugin/arma_init.c:868:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(aset->varname[ky++], "y_%d", lag);
data/gretl-2020e/plugin/arma_init.c:870:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		    sprintf(aset->varname[kx++], "x%d_%d", k+1, lag);
data/gretl-2020e/plugin/arma_init.c:879:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(aset->varname[kx++], "x%d", i+1);
data/gretl-2020e/plugin/arma_init.c:943:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(dset->varname[v], "d%d", i);
data/gretl-2020e/plugin/arma_init.c:1178:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char chunk[32];
data/gretl-2020e/plugin/arma_init.c:1183:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(chunk, "y_%d", lag);
data/gretl-2020e/plugin/arma_init.c:1189:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(chunk, "(y_%d-", lag);
data/gretl-2020e/plugin/arma_init.c:1196:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(chunk, "_b0");
data/gretl-2020e/plugin/arma_init.c:1205:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(chunk, "_b%d*x%d_%d", i+1, i+1, lag);
data/gretl-2020e/plugin/arma_init.c:1223:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fnstr[MAXLINE];
data/gretl-2020e/plugin/arma_init.c:1224:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char term[32];
data/gretl-2020e/plugin/arma_init.c:1287:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(pnames[k++], "_b0");
data/gretl-2020e/plugin/arma_init.c:1301:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(pnames[k++], "_phi%d", i+1);
data/gretl-2020e/plugin/arma_init.c:1315:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(pnames[k++], "_Phi%d", i+1);
data/gretl-2020e/plugin/arma_init.c:1322:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(pnames[k++], "_b%d", i+1);
data/gretl-2020e/plugin/arma_init.c:1329:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(pnames[k++], "_c%d", i);
data/gretl-2020e/plugin/arma_init.c:1335:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(fnstr, "y=");
data/gretl-2020e/plugin/arma_init.c:1338:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(fnstr, "_b0");
data/gretl-2020e/plugin/arma_init.c:1346:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(term, "+_phi%d*", lag);
data/gretl-2020e/plugin/arma_init.c:1355:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(term, "+_Phi%d*", j+1);
data/gretl-2020e/plugin/arma_init.c:1361:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(term, "-_phi%d*_Phi%d*", i+1, j+1);
data/gretl-2020e/plugin/arma_init.c:1372:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(term, "+_b%d*x%d", i+1, i+1);
data/gretl-2020e/plugin/arma_init.c:1378:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(term, "+_c%d*d%d", i, i);
data/gretl-2020e/plugin/arma_x12.c:113:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char outname[FILENAME_MAX];
data/gretl-2020e/plugin/arma_x12.c:114:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char unique[FILENAME_MAX];
data/gretl-2020e/plugin/arma_x12.c:115:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[256];
data/gretl-2020e/plugin/arma_x12.c:153:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fname[MAXLEN];
data/gretl-2020e/plugin/arma_x12.c:155:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[129];
data/gretl-2020e/plugin/arma_x12.c:184:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char date[12] = {0};
data/gretl-2020e/plugin/arma_x12.c:189:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fmt[16];
data/gretl-2020e/plugin/arma_x12.c:191:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(fmt, "%%%dd%%2d", len - 2);
data/gretl-2020e/plugin/arma_x12.c:224:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[80], statname[12];
data/gretl-2020e/plugin/arma_x12.c:267:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[132];
data/gretl-2020e/plugin/arma_x12.c:334:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *p, *q, line[1024];
data/gretl-2020e/plugin/arma_x12.c:483:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[128], word[16];
data/gretl-2020e/plugin/arma_x12.c:556:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[64], date[9];
data/gretl-2020e/plugin/arma_x12.c:639:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fname[MAXLEN];
data/gretl-2020e/plugin/arma_x12.c:741:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(str, "%d.%d", maj, min);
data/gretl-2020e/plugin/arma_x12.c:801:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char datestr[12];
data/gretl-2020e/plugin/arma_x12.c:924:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char line[512];
data/gretl-2020e/plugin/arma_x12.c:939:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char old[MAXLEN];
data/gretl-2020e/plugin/arma_x12.c:964:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char yname[VNAMELEN], path[MAXLEN];
data/gretl-2020e/plugin/dpanel.c:1129:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char ystr[16];
data/gretl-2020e/plugin/dpanel.c:1189:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(ystr, "do_units: Y_%d", i);
data/gretl-2020e/plugin/eviews_import.c:61:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char c[2];
data/gretl-2020e/plugin/eviews_import.c:239:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char vname[32];
data/gretl-2020e/plugin/eviews_import.c:361:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char s[8];
data/gretl-2020e/plugin/eviews_import.c:449:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char tmp[32];
data/gretl-2020e/plugin/eviews_import.c:452:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char fmt[24];
data/gretl-2020e/plugin/eviews_import.c:454:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(fmt, "%%d:%%0%dd", p10 + 1);
data/gretl-2020e/plugin/eviews_import.c:457:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(tmp, "%d:%d", startyr, startper);
data/gretl-2020e/plugin/eviews_import.c:462:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(dset->stobs, "%d", startyr);
data/gretl-2020e/plugin/eviews_import.c:478:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char s[22] = {0};
data/gretl-2020e/plugin/excel_import.c:114:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        unsigned char cc[8];
data/gretl-2020e/plugin/excel_import.c:291:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char show[68];
data/gretl-2020e/plugin/excel_import.c:1387:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(dset->varname[j], "v%d", j);
data/gretl-2020e/plugin/excel_import.c:1389:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(dset->varname[j], "v%d", j);
data/gretl-2020e/plugin/excel_import.c:1391:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(dset->varname[j], "v%d", j);
data/gretl-2020e/plugin/fractals.c:238:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(hset->varname[1], "RSavg");
data/gretl-2020e/plugin/fractals.c:239:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(hset->varname[2], "size");
data/gretl-2020e/plugin/garch.c:39:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp[24];
data/gretl-2020e/plugin/garch.c:63:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(tmp, "alpha(%d)", i + 1);
data/gretl-2020e/plugin/garch.c:68:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(tmp, "beta(%d)", i + 1);
data/gretl-2020e/plugin/garch.c:497:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(dset->varname[v], "uhat2");
data/gretl-2020e/plugin/geoplot.c:708:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char title[32];
data/gretl-2020e/plugin/geoplot.c:780:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char title[32];
data/gretl-2020e/plugin/geoplot.c:1341:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char infile[MAXLEN];
data/gretl-2020e/plugin/gnumeric_import.c:107:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(sheet->dset->varname[i], "v%d", i);
data/gretl-2020e/plugin/gnumeric_import.c:123:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	*vtype = atoi(tmp);
data/gretl-2020e/plugin/gnumeric_import.c:194:7:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		i = atoi(tmp);
data/gretl-2020e/plugin/gnumeric_import.c:202:7:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		j = atoi(tmp);
data/gretl-2020e/plugin/gnumeric_import.c:312:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char targ[12];
data/gretl-2020e/plugin/gnumeric_import.c:313:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		int mst = atoi(s);
data/gretl-2020e/plugin/gnumeric_import.c:390:7:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		c = atoi(tmp);
data/gretl-2020e/plugin/gnumeric_import.c:399:7:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		r = atoi(tmp);
data/gretl-2020e/plugin/gretlzip.c:98:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    const char *array[2] = { path, NULL };
data/gretl-2020e/plugin/gretlzip.c:132:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	const char *datnames[3] = {
data/gretl-2020e/plugin/heckit.c:1672:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(dset->varname[HC->millsvar], "lambda");
data/gretl-2020e/plugin/import_common.c:36:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[VNAMELEN] = {0};
data/gretl-2020e/plugin/import_common.c:69:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(vname, "v%d", vnum);
data/gretl-2020e/plugin/import_common.c:76:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *s, tmp[VNAMELEN];
data/gretl-2020e/plugin/import_common.c:87:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(vname, "v%d", vnum);
data/gretl-2020e/plugin/import_common.c:213:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(dname, ".gretl-ssheet-XXXXXX");
data/gretl-2020e/plugin/import_common.c:230:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(dname, ".gretl-ssheet-XXXXXX");
data/gretl-2020e/plugin/import_common.c:323:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char dstr[12];
data/gretl-2020e/plugin/import_common.c:476:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char label[5];
data/gretl-2020e/plugin/import_common.c:481:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(label, "(%c)", a2);
data/gretl-2020e/plugin/import_common.c:485:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(label, "(%c%c)", a1, a2);
data/gretl-2020e/plugin/import_common.c:496:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	int col = atoi(text);
data/gretl-2020e/plugin/import_common.c:510:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char msg[MAXLEN];
data/gretl-2020e/plugin/interpolate.c:203:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp[16];
data/gretl-2020e/plugin/interpolate.c:240:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(tmp, "X%d", i - G->det + 1);
data/gretl-2020e/plugin/interpolate.c:430:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(vj, cval, colsz);
data/gretl-2020e/plugin/interpolate.c:1373:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(DDp->val + sNm, y0->val, N * sizeof(double));
data/gretl-2020e/plugin/interpolate.c:1377:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(y->val, tmp->val, sNm * sizeof(double));
data/gretl-2020e/plugin/iso3166.c:25:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char ac2[3]; /* Alpha-2 code */
data/gretl-2020e/plugin/iso3166.c:26:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char ac3[4]; /* Alpha-3 code */
data/gretl-2020e/plugin/iso3166.c:329:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char numout[4];
data/gretl-2020e/plugin/iso3166.c:351:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	numsrc = atoi(src);
data/gretl-2020e/plugin/iso3166.c:389:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(numout, "%03d", ccodes[i].nc);
data/gretl-2020e/plugin/iso3166.c:456:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char src[4];
data/gretl-2020e/plugin/iso3166.c:468:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(src, "%03d", k);
data/gretl-2020e/plugin/jmulti_import.c:11:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char test[VNAMELEN];
data/gretl-2020e/plugin/jmulti_import.c:166:7:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	y0 = atoi(s1);
data/gretl-2020e/plugin/jmulti_import.c:169:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(stobs, "%d", y0);
data/gretl-2020e/plugin/jmulti_import.c:173:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    p0 = atoi(s2 + 1);
data/gretl-2020e/plugin/jmulti_import.c:174:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(stobs, "%d:%d", y0, p0);
data/gretl-2020e/plugin/jmulti_import.c:178:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    p0 = atoi(s2 + 1);
data/gretl-2020e/plugin/jmulti_import.c:179:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(stobs, "%d:%02d", y0, p0);
data/gretl-2020e/plugin/jmulti_import.c:192:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char s1[16], s2[8];
data/gretl-2020e/plugin/jmulti_import.c:251:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *s, numstr[32];
data/gretl-2020e/plugin/jmulti_import.c:307:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char stobs[OBSLEN];
data/gretl-2020e/plugin/johansen.c:338:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char xstr[32], tmp[NAMETRUNC];
data/gretl-2020e/plugin/johansen.c:382:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(xstr, "%#.5g", x);
data/gretl-2020e/plugin/johansen.c:449:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp[NAMETRUNC];
data/gretl-2020e/plugin/johansen.c:570:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char msg[32];
data/gretl-2020e/plugin/johansen.c:572:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(msg, "Gamma matrix, lag %d", k+1);
data/gretl-2020e/plugin/jrestrict.c:2808:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char s[16], vname[NAMETRUNC];
data/gretl-2020e/plugin/jrestrict.c:2809:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char namefmt[16];
data/gretl-2020e/plugin/jrestrict.c:2817:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char ll0[32], ll1[32];
data/gretl-2020e/plugin/jrestrict.c:2820:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(ll0, "%.8g", jvar->ll);
data/gretl-2020e/plugin/jrestrict.c:2821:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(ll1, "%.8g", J->ll);
data/gretl-2020e/plugin/jrestrict.c:2846:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(namefmt, "%%-%ds", nwid);
data/gretl-2020e/plugin/jrestrict.c:2860:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(s, "(%#.5g)", gretl_matrix_get(sd, i, j));
data/gretl-2020e/plugin/jrestrict.c:2890:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(s, "(%#.5g)", gretl_matrix_get(sd, i, j));
data/gretl-2020e/plugin/json_get.c:1165:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp[32];
data/gretl-2020e/plugin/json_get.c:1186:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(tmp, "%d", k);
data/gretl-2020e/plugin/json_get.c:1195:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(tmp, "%.15g", x);
data/gretl-2020e/plugin/json_get.c:1212:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(tmp, "%d", k);
data/gretl-2020e/plugin/kernel.c:100:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp[128];
data/gretl-2020e/plugin/kernel.c:118:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(tmp, _("bandwidth = %g"), kinfo->h);
data/gretl-2020e/plugin/leverage.c:316:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fstr[32];
data/gretl-2020e/plugin/leverage.c:331:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(fstr, "%15.5g", f);
data/gretl-2020e/plugin/libole2/ms-ole.c:1046:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(ptr, src, cpylen);
data/gretl-2020e/plugin/libole2/ms-ole.c:1093:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(ptr, src, cpylen);
data/gretl-2020e/plugin/libshp/dbfopen.c:181:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(Fullname, Filename, nLenWithoutExtension);
data/gretl-2020e/plugin/libshp/dbfopen.c:182:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(Fullname + nLenWithoutExtension, ".dbf", 5);
data/gretl-2020e/plugin/libshp/dbfopen.c:188:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(Fullname + nLenWithoutExtension, ".DBF", 5);
data/gretl-2020e/plugin/libshp/dbfopen.c:192:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(Fullname + nLenWithoutExtension, ".cpg", 5);
data/gretl-2020e/plugin/libshp/dbfopen.c:195:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(Fullname + nLenWithoutExtension, ".CPG", 5);
data/gretl-2020e/plugin/libshp/dbfopen.c:259:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(DBF->CodePage, buf, n + 1);
data/gretl-2020e/plugin/libshp/dbfopen.c:404:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(DBF->WorkField,
data/gretl-2020e/plugin/libshp/dbfopen.c:414:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	DBF->fieldValue.IntField = atoi(DBF->WorkField);
data/gretl-2020e/plugin/libshp/dbfopen.c:599:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[XBASE_FLDNAME_LEN_READ+1];
data/gretl-2020e/plugin/libshp/shpopen.c:47:27:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
#define ByteCopy(a, b, c) memcpy(b, a, c)
data/gretl-2020e/plugin/libshp/shpopen.c:153:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(Fullname + baselen, ext1, 5);
data/gretl-2020e/plugin/libshp/shpopen.c:156:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(Fullname + baselen, ext2, 5);
data/gretl-2020e/plugin/libshp/shpopen.c:188:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(Fullname, Layer, baselen);
data/gretl-2020e/plugin/libshp/shpopen.c:283:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&dValue, buf+36, 8);
data/gretl-2020e/plugin/libshp/shpopen.c:287:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&dValue, buf+44, 8);
data/gretl-2020e/plugin/libshp/shpopen.c:291:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&dValue, buf+52, 8);
data/gretl-2020e/plugin/libshp/shpopen.c:295:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&dValue, buf+60, 8);
data/gretl-2020e/plugin/libshp/shpopen.c:299:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&dValue, buf+68, 8);
data/gretl-2020e/plugin/libshp/shpopen.c:303:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&dValue, buf+76, 8);
data/gretl-2020e/plugin/libshp/shpopen.c:307:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&dValue, buf+84, 8);
data/gretl-2020e/plugin/libshp/shpopen.c:311:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&dValue, buf+92, 8);
data/gretl-2020e/plugin/libshp/shpopen.c:373:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&nOffset, buf + i * 8, 4);
data/gretl-2020e/plugin/libshp/shpopen.c:376:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&nLength, buf + i * 8 + 4, 4);
data/gretl-2020e/plugin/libshp/shpopen.c:665:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&nSHPContentLength, SHP->Rec + 4, 4);
data/gretl-2020e/plugin/libshp/shpopen.c:687:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&nSHPType, SHP->Rec + 8, 4);
data/gretl-2020e/plugin/libshp/shpopen.c:734:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&(Shape->XMin), SHP->Rec + 8 +  4, 8);
data/gretl-2020e/plugin/libshp/shpopen.c:735:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&(Shape->YMin), SHP->Rec + 8 + 12, 8);
data/gretl-2020e/plugin/libshp/shpopen.c:736:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&(Shape->XMax), SHP->Rec + 8 + 20, 8);
data/gretl-2020e/plugin/libshp/shpopen.c:737:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&(Shape->YMax), SHP->Rec + 8 + 28, 8);
data/gretl-2020e/plugin/libshp/shpopen.c:748:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&nPoints, SHP->Rec + 40 + 8, 4);
data/gretl-2020e/plugin/libshp/shpopen.c:749:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&nParts, SHP->Rec + 36 + 8, 4);
data/gretl-2020e/plugin/libshp/shpopen.c:814:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(Shape->PartStart, SHP->Rec + 44 + 8, 4 * nParts);
data/gretl-2020e/plugin/libshp/shpopen.c:845:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(Shape->PartType, SHP->Rec + nOffset, 4*nParts);
data/gretl-2020e/plugin/libshp/shpopen.c:856:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(Shape->fX + i,
data/gretl-2020e/plugin/libshp/shpopen.c:860:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(Shape->fY + i,
data/gretl-2020e/plugin/libshp/shpopen.c:876:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&(Shape->ZMin), SHP->Rec + nOffset, 8);
data/gretl-2020e/plugin/libshp/shpopen.c:877:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&(Shape->ZMax), SHP->Rec + nOffset + 8, 8);
data/gretl-2020e/plugin/libshp/shpopen.c:883:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(Shape->fZ + i,
data/gretl-2020e/plugin/libshp/shpopen.c:900:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&(Shape->MMin), SHP->Rec + nOffset, 8);
data/gretl-2020e/plugin/libshp/shpopen.c:901:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&(Shape->MMax), SHP->Rec + nOffset + 8, 8);
data/gretl-2020e/plugin/libshp/shpopen.c:907:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(Shape->fM + i,
data/gretl-2020e/plugin/libshp/shpopen.c:934:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&nPoints, SHP->Rec + 44, 4);
data/gretl-2020e/plugin/libshp/shpopen.c:982:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(Shape->fX+i, SHP->Rec + 48 + 16 * i, 8);
data/gretl-2020e/plugin/libshp/shpopen.c:983:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(Shape->fY+i, SHP->Rec + 48 + 16 * i + 8, 8);
data/gretl-2020e/plugin/libshp/shpopen.c:994:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&(Shape->XMin), SHP->Rec + 8 +  4, 8);
data/gretl-2020e/plugin/libshp/shpopen.c:995:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&(Shape->YMin), SHP->Rec + 8 + 12, 8);
data/gretl-2020e/plugin/libshp/shpopen.c:996:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&(Shape->XMax), SHP->Rec + 8 + 20, 8);
data/gretl-2020e/plugin/libshp/shpopen.c:997:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&(Shape->YMax), SHP->Rec + 8 + 28, 8);
data/gretl-2020e/plugin/libshp/shpopen.c:1008:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&(Shape->ZMin), SHP->Rec + nOffset, 8);
data/gretl-2020e/plugin/libshp/shpopen.c:1009:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&(Shape->ZMax), SHP->Rec + nOffset + 8, 8);
data/gretl-2020e/plugin/libshp/shpopen.c:1015:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(Shape->fZ + i,
data/gretl-2020e/plugin/libshp/shpopen.c:1032:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&(Shape->MMin), SHP->Rec + nOffset, 8);
data/gretl-2020e/plugin/libshp/shpopen.c:1033:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&(Shape->MMax), SHP->Rec + nOffset + 8, 8);
data/gretl-2020e/plugin/libshp/shpopen.c:1039:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(Shape->fM + i,
data/gretl-2020e/plugin/libshp/shpopen.c:1078:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(Shape->fX, SHP->Rec + 12, 8);
data/gretl-2020e/plugin/libshp/shpopen.c:1079:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(Shape->fY, SHP->Rec + 20, 8);
data/gretl-2020e/plugin/libshp/shpopen.c:1090:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(Shape->fZ, SHP->Rec + nOffset, 8);
data/gretl-2020e/plugin/libshp/shpopen.c:1102:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(Shape->fM, SHP->Rec + nOffset, 8);
data/gretl-2020e/plugin/libsvm/svmlib.cpp:42:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy((void *)dst, (void *)src, sizeof(T)*n);
data/gretl-2020e/plugin/libsvm/svmlib.cpp:69:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[BUFSIZ];
data/gretl-2020e/plugin/libsvm/svmlib.cpp:2906:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char cmd[1025];
data/gretl-2020e/plugin/mailer.c:266:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char line[128];
data/gretl-2020e/plugin/mailer.c:283:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		minfo->passreq = atoi(line + 17);
data/gretl-2020e/plugin/mailer.c:333:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char line[128];
data/gretl-2020e/plugin/mailer.c:1010:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmpfname[FILENAME_MAX];
data/gretl-2020e/plugin/mp_ols.c:217:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char numstr[64];
data/gretl-2020e/plugin/mp_ols.c:226:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(numstr, "%.*g", zdigits[i], dset->Z[i][t]);
data/gretl-2020e/plugin/mpack/encode.c:92:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char digest[18];
data/gretl-2020e/plugin/mpack/encode.c:116:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[1000];
data/gretl-2020e/plugin/mpack/encode.c:140:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char digest[25];
data/gretl-2020e/plugin/mpack/md5.h:37:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buffer[64];  /* input buffer */
data/gretl-2020e/plugin/mpack/md5c.c:52:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static unsigned char PADDING[64] = {
data/gretl-2020e/plugin/mpack/md5c.c:129:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&context->buffer[index], input, partLen);
data/gretl-2020e/plugin/mpack/md5c.c:142:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&context->buffer[index], &input[i], inputLen-i);
data/gretl-2020e/plugin/mpack/md5c.c:151:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char bits[8];
data/gretl-2020e/plugin/odbc_import.c:51:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char inifile[FILENAME_MAX + 1] = "ODBC.INI";
data/gretl-2020e/plugin/odbc_import.c:52:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char section_names[4095] = {0};
data/gretl-2020e/plugin/odbc_import.c:62:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char driver[INI_MAX_OBJECT_NAME + 1];
data/gretl-2020e/plugin/odbc_import.c:63:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char desc[INI_MAX_OBJECT_NAME + 1];
data/gretl-2020e/plugin/odbc_import.c:64:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char sect_name[INI_MAX_OBJECT_NAME + 1];
data/gretl-2020e/plugin/odbc_import.c:150:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char status[10]; /* SQL status */
data/gretl-2020e/plugin/odbc_import.c:154:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char msg[512];
data/gretl-2020e/plugin/odbc_import.c:268:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(targ, "%04d-%02d-%02d", (int) y, (int) m, (int) d);
data/gretl-2020e/plugin/odbc_import.c:301:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char obsbit[OBSLEN];
data/gretl-2020e/plugin/odbc_import.c:593:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char status[10]; /* SQL status */
data/gretl-2020e/plugin/odbc_import.c:594:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char msg[512];
data/gretl-2020e/plugin/ods_import.c:373:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    h = atoi(s);
data/gretl-2020e/plugin/ods_import.c:389:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    w = atoi(s);
data/gretl-2020e/plugin/ods_import.c:695:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(sheet->dset->varname[i], "v%d", i);
data/gretl-2020e/plugin/ods_import.c:1048:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[48] = {0};
data/gretl-2020e/plugin/ods_import.c:1052:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fp = fopen("mimetype", "r");
data/gretl-2020e/plugin/ods_import.c:1156:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    i = atoi(sheetname);
data/gretl-2020e/plugin/ods_import.c:1246:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char dname[32];
data/gretl-2020e/plugin/panurc.c:557:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char NTstr[32];
data/gretl-2020e/plugin/panurc.c:575:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(NTstr, "N,T = (%d,%d)", N, dyT + 1);
data/gretl-2020e/plugin/pca.c:198:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char pcname[16];
data/gretl-2020e/plugin/pca.c:252:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(pcname, "PC%d", done + j + 1);
data/gretl-2020e/plugin/pca.c:381:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(dset->varname[vi], "PC%d", i+1);
data/gretl-2020e/plugin/range-mean.c:187:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char startdate[OBSLEN], enddate[OBSLEN];
data/gretl-2020e/plugin/regls.c:415:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(targ->val, src->val, n * sizeof *targ->val);
data/gretl-2020e/plugin/regls.c:845:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(a, bj, asize);
data/gretl-2020e/plugin/regls.c:1150:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(dest, src, csize);
data/gretl-2020e/plugin/regls.c:1604:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(bj->val, B->val + j*B->rows, sz);
data/gretl-2020e/plugin/regls.c:1850:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(B->val + offset, b->val, k * sizeof *b->val);
data/gretl-2020e/plugin/regls.c:1969:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(targ, b->val, k * sizeof *targ);
data/gretl-2020e/plugin/regls.c:2354:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(b->val, B->val + j*k, bsize);
data/gretl-2020e/plugin/regls.c:2417:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(b->val, B->val + j*k, bsize);
data/gretl-2020e/plugin/reprobit.c:515:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char pname[8];
data/gretl-2020e/plugin/reprobit.c:517:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(pname, "P%d.mat", iter);
data/gretl-2020e/plugin/sas_import.c:40:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char nname[8];
data/gretl-2020e/plugin/sas_import.c:41:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char nlabel[40];
data/gretl-2020e/plugin/sas_import.c:42:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char nform[8];
data/gretl-2020e/plugin/sas_import.c:46:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char nfill[2];
data/gretl-2020e/plugin/sas_import.c:47:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char niform[8];
data/gretl-2020e/plugin/sas_import.c:57:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[9];     /* name of variable */
data/gretl-2020e/plugin/sas_import.c:58:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char label[41];   /* descriptive label */
data/gretl-2020e/plugin/sas_import.c:72:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char revdate[18]; /* last revision date of SAS file */
data/gretl-2020e/plugin/sas_import.c:133:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char temp[8];
data/gretl-2020e/plugin/sas_import.c:140:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(temp, xport, 8);
data/gretl-2020e/plugin/sas_import.c:149:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy((char *) &xport1, temp, 4); 
data/gretl-2020e/plugin/sas_import.c:150:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy((char *) &xport2, temp + 4, 4); 
data/gretl-2020e/plugin/sas_import.c:191:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ieee, (char *) &ieee1, 4);
data/gretl-2020e/plugin/sas_import.c:192:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ieee + 4, (char *) &ieee2, 4);
data/gretl-2020e/plugin/sas_import.c:196:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char s[8];
data/gretl-2020e/plugin/sas_import.c:203:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char temp[8]; 
data/gretl-2020e/plugin/sas_import.c:207:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(temp, src, 8); 
data/gretl-2020e/plugin/sas_import.c:239:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char vname[9] = {0};
data/gretl-2020e/plugin/sas_import.c:240:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char label[42] = {0};
data/gretl-2020e/plugin/sas_import.c:284:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char dstr[18], mon[4];
data/gretl-2020e/plugin/sas_import.c:303:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp[4] = {0};
data/gretl-2020e/plugin/sas_import.c:306:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    return atoi(tmp);
data/gretl-2020e/plugin/sas_import.c:313:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp[5] = {0};
data/gretl-2020e/plugin/sas_import.c:317:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    nvars = atoi(tmp);
data/gretl-2020e/plugin/sas_import.c:324:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char hstr[14];
data/gretl-2020e/plugin/sas_import.c:419:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char c8[8];
data/gretl-2020e/plugin/sas_import.c:449:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(c8, buf + pos, 8);
data/gretl-2020e/plugin/sas_import.c:480:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[160];
data/gretl-2020e/plugin/sas_import.c:550:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[240];
data/gretl-2020e/plugin/spss_import.c:84:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[VNAMELEN];
data/gretl-2020e/plugin/spss_import.c:85:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char label[MAXLABEL];
data/gretl-2020e/plugin/spss_import.c:98:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char rec_type[4];           /* Record-type code, "$FL2" */
data/gretl-2020e/plugin/spss_import.c:99:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char prod_name[60];         /* Product identification */
data/gretl-2020e/plugin/spss_import.c:106:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char creation_date[9];      /* 'dd mmm yy' creation date of file */
data/gretl-2020e/plugin/spss_import.c:107:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char creation_time[8];      /* 'hh:mm:ss' 24-hour creation time */
data/gretl-2020e/plugin/spss_import.c:108:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char file_label[64];        /* File label */
data/gretl-2020e/plugin/spss_import.c:109:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char padding[3];
data/gretl-2020e/plugin/spss_import.c:122:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[8];		/* Variable name */
data/gretl-2020e/plugin/spss_import.c:138:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char x[sizeof(double)];
data/gretl-2020e/plugin/spss_import.c:188:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char c[8];
data/gretl-2020e/plugin/spss_import.c:193:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char c[8];
data/gretl-2020e/plugin/spss_import.c:203:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char msg[512];
data/gretl-2020e/plugin/spss_import.c:379:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cpage[8];
data/gretl-2020e/plugin/spss_import.c:383:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(cpage, "CP%d", encoding);
data/gretl-2020e/plugin/spss_import.c:397:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(targ, "unknown");
data/gretl-2020e/plugin/spss_import.c:405:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[VNAMELEN] = {0};
data/gretl-2020e/plugin/spss_import.c:708:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char label[256] = {0};
data/gretl-2020e/plugin/spss_import.c:1028:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&v->missing[j], &mv[j], v->width);
data/gretl-2020e/plugin/spss_import.c:1186:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char prod_name[sizeof hdr->prod_name + 1];
data/gretl-2020e/plugin/spss_import.c:1189:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(prod_name, hdr->prod_name, sizeof hdr->prod_name);
data/gretl-2020e/plugin/spss_import.c:1211:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char datestr[10];
data/gretl-2020e/plugin/spss_import.c:1216:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(datestr, hdr->creation_date, 9);
data/gretl-2020e/plugin/spss_import.c:1226:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(label, s, i + 1);
data/gretl-2020e/plugin/spss_import.c:1486:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(tmp++, ext->ptr++, sizeof *tmp);
data/gretl-2020e/plugin/spss_import.c:1532:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(ext->x, ext->ptr++, sizeof *tmp);
data/gretl-2020e/plugin/spss_import.c:1606:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char raw[256], cval[256];
data/gretl-2020e/plugin/spss_import.c:1610:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(raw, &tmp[v->offset], len);
data/gretl-2020e/plugin/spss_import.c:1654:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char label[MAXLABEL];
data/gretl-2020e/plugin/spss_import.c:1835:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char label[256];
data/gretl-2020e/plugin/spss_import.c:1955:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[5] = {0};
data/gretl-2020e/plugin/stata_export.c:65:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char data_label[81]; /* dataset label */
data/gretl-2020e/plugin/stata_export.c:66:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char time_stamp[18]; /* date/time saved */
data/gretl-2020e/plugin/stata_export.c:79:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char labname[33];    /* name of table */
data/gretl-2020e/plugin/stata_export.c:80:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char padding[3];
data/gretl-2020e/plugin/stata_export.c:113:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(lbl.labname, "S%d", v);
data/gretl-2020e/plugin/stata_export.c:175:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[244] = {0};
data/gretl-2020e/plugin/stata_export.c:343:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char obs[OBSLEN];
data/gretl-2020e/plugin/stata_export.c:350:7:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	t0 = atoi(obs);
data/gretl-2020e/plugin/stata_export.c:351:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(timevar, "year");
data/gretl-2020e/plugin/stata_export.c:363:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(timevar, "date");
data/gretl-2020e/plugin/stata_export.c:366:7:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	t0 = atoi(obs);
data/gretl-2020e/plugin/stata_export.c:367:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(timevar, "generic_t");
data/gretl-2020e/plugin/stata_export.c:374:6:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	    strcat(timevar, "_t");
data/gretl-2020e/plugin/stata_export.c:384:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(buf, "years since 0 CE");
data/gretl-2020e/plugin/stata_export.c:386:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(buf, "quarters since 1960q1");
data/gretl-2020e/plugin/stata_export.c:388:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(buf, "months since 1960m1");
data/gretl-2020e/plugin/stata_export.c:390:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(buf, "period of observation");
data/gretl-2020e/plugin/stata_export.c:392:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(buf, "date of observation");
data/gretl-2020e/plugin/stata_export.c:426:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[96];
data/gretl-2020e/plugin/stata_export.c:427:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char timevar[16];
data/gretl-2020e/plugin/stata_export.c:513:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(buf, "%%t%c", *timevar);
data/gretl-2020e/plugin/stata_export.c:521:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(buf, "%8.0g");
data/gretl-2020e/plugin/stata_export.c:523:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(buf, "%12.0g");
data/gretl-2020e/plugin/stata_export.c:525:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(buf, "%9.0g");
data/gretl-2020e/plugin/stata_export.c:540:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(buf, "S%d", i);
data/gretl-2020e/plugin/stata_import.c:669:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char test[VNAMELEN];
data/gretl-2020e/plugin/stata_import.c:775:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(dset->stobs, "%d:%02d", yr, mo);
data/gretl-2020e/plugin/stata_import.c:779:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(dset->stobs, "%d:%d", yr, q);
data/gretl-2020e/plugin/stata_import.c:803:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(dset->S[t], "%04d-%02d-%02d", y, m, d);
data/gretl-2020e/plugin/stata_import.c:830:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(dset->stobs, "%d:%02d", y, m);
data/gretl-2020e/plugin/stata_import.c:835:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(dset->stobs, "%d:%d", y, q);
data/gretl-2020e/plugin/stata_import.c:870:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(dset->stobs, "%d", y);
data/gretl-2020e/plugin/stata_import.c:979:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[130];
data/gretl-2020e/plugin/stata_import.c:1092:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(buf, "v%d", v);
data/gretl-2020e/plugin/stata_import.c:1240:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char test[32];
data/gretl-2020e/plugin/stata_import.c:1260:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char test[4];
data/gretl-2020e/plugin/stata_import.c:1304:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char vobytes[8];
data/gretl-2020e/plugin/stata_import.c:1319:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&v, vobytes, 2);
data/gretl-2020e/plugin/stata_import.c:1320:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(targ, vobytes + 2, 6);
data/gretl-2020e/plugin/stata_import.c:1385:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char label[321]; /* dataset label */
data/gretl-2020e/plugin/stata_import.c:1386:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char aname[129]; /* variable names */
data/gretl-2020e/plugin/stata_import.c:1387:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char c60[60];    /* misc strings */
data/gretl-2020e/plugin/stata_import.c:1391:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[256];
data/gretl-2020e/plugin/stata_import.c:1571:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char test[16] = {0};
data/gretl-2020e/plugin/stata_import.c:1626:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char label[81], c50[50], aname[33];
data/gretl-2020e/plugin/stata_import.c:1630:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char strbuf[256];
data/gretl-2020e/plugin/stata_import.c:1906:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char order[4];
data/gretl-2020e/plugin/stata_import.c:1907:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[96];
data/gretl-2020e/plugin/stata_import.c:2093:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char test[12] = {0};
data/gretl-2020e/plugin/stats_tables.c:149:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char datfile[FILENAME_MAX];
data/gretl-2020e/plugin/stats_tables.c:152:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[14];
data/gretl-2020e/plugin/svm.c:105:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char foldname[VNAMELEN];
data/gretl-2020e/plugin/svm.c:491:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(m->val, xvals, n * sizeof *xvals);
data/gretl-2020e/plugin/svm.c:505:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(list + 1, ivals, n * sizeof *ivals);
data/gretl-2020e/plugin/svm.c:701:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(ret, m->val, n * sizeof *ret);
data/gretl-2020e/plugin/svm.c:731:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(ret, list + 1, n * sizeof *ret);
data/gretl-2020e/plugin/svm.c:793:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		    memcpy(model->sv_coef[j], val, l * sizeof *val);
data/gretl-2020e/plugin/svm.c:909:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[512];
data/gretl-2020e/plugin/svm.c:1361:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char labnum[32];
data/gretl-2020e/plugin/svm.c:1370:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(labnum, "%d", ls[i].val);
data/gretl-2020e/plugin/svm.c:2738:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char obs1[OBSLEN], obs2[OBSLEN];
data/gretl-2020e/plugin/tramo-x12a.c:512:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(p + 1, "seats");
data/gretl-2020e/plugin/tramo-x12a.c:514:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(seats, "seats");
data/gretl-2020e/plugin/tramo-x12a.c:554:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char title[32];
data/gretl-2020e/plugin/tramo-x12a.c:688:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fname[MAXLEN];
data/gretl-2020e/plugin/tramo-x12a.c:703:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(fname, ".out");
data/gretl-2020e/plugin/tramo-x12a.c:713:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fname[MAXLEN];
data/gretl-2020e/plugin/tramo-x12a.c:738:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *p, line[MAXLEN];
data/gretl-2020e/plugin/tramo-x12a.c:739:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char outname[MAXLEN];
data/gretl-2020e/plugin/tramo-x12a.c:770:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[128], sfname[MAXLEN];
data/gretl-2020e/plugin/tramo-x12a.c:771:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char varname[VNAMELEN], date[16];
data/gretl-2020e/plugin/tramo-x12a.c:772:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char label[MAXLABEL];
data/gretl-2020e/plugin/tramo-x12a.c:845:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(varname, "%.8s_%.2s", dset->varname[0],
data/gretl-2020e/plugin/tramo-x12a.c:854:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(label, " (X-12-ARIMA)");
data/gretl-2020e/plugin/tramo-x12a.c:856:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(label, " (TRAMO/SEATS)");
data/gretl-2020e/plugin/tramo-x12a.c:858:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(label, " (TRAMO)");
data/gretl-2020e/plugin/tramo-x12a.c:895:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(date, "%d.%d", yr, per);
data/gretl-2020e/plugin/tramo-x12a.c:917:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[128], sfname[MAXLEN], date[16];
data/gretl-2020e/plugin/tramo-x12a.c:985:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(date, "%d.%d", yr, per);
data/gretl-2020e/plugin/tramo-x12a.c:1010:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[128], sfname[MAXLEN];
data/gretl-2020e/plugin/tramo-x12a.c:1026:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(sfname, ".out");
data/gretl-2020e/plugin/tramo-x12a.c:1156:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *p, tmp[16];
data/gretl-2020e/plugin/tramo-x12a.c:1170:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(tmp, "%g", x);
data/gretl-2020e/plugin/tramo-x12a.c:1173:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	startper = atoi(p + 1);
data/gretl-2020e/plugin/tramo-x12a.c:1226:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *p, tmp[16];
data/gretl-2020e/plugin/tramo-x12a.c:1240:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(tmp, "%g", x);
data/gretl-2020e/plugin/tramo-x12a.c:1441:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char line[128];
data/gretl-2020e/plugin/tramo-x12a.c:1525:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(outname, ".spc");
data/gretl-2020e/plugin/tramo-x12a.c:1543:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(outname, ".err");
data/gretl-2020e/plugin/tramo-x12a.c:1547:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(outname, ".out");
data/gretl-2020e/plugin/tramo-x12a.c:1580:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char vname[VNAMELEN];
data/gretl-2020e/plugin/tramo-x12a.c:1653:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(fname, ".spc");
data/gretl-2020e/plugin/tramo-x12a.c:1682:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char seats[MAXLEN];
data/gretl-2020e/plugin/tramo-x12a.c:1703:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(fname, ".err");
data/gretl-2020e/plugin/tramo-x12a.c:1711:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(fname, ".out");
data/gretl-2020e/plugin/tramo-x12a.c:1785:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fname[MAXLEN];
data/gretl-2020e/plugin/tramo-x12a.c:1816:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(fname, ".spc");
data/gretl-2020e/plugin/tramo-x12a.c:1827:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char seats[MAXLEN];
data/gretl-2020e/plugin/tramo-x12a.c:1851:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fname[MAXLEN];
data/gretl-2020e/plugin/tramo_options.c:497:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(request->opts[idx].savename, "%.8s_%.2s", request->yname,
data/gretl-2020e/plugin/tramo_x12a.h:38:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char savename[VNAMELEN];
data/gretl-2020e/plugin/tramo_x12a.h:52:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char yname[VNAMELEN];
data/gretl-2020e/plugin/urcdist.c:465:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char datafile[FILENAME_MAX];
data/gretl-2020e/plugin/urcdist.c:609:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fdb = fopen("debug.txt", "w");
data/gretl-2020e/plugin/vif.c:124:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[16];
data/gretl-2020e/plugin/vif.c:144:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(tmp, "x%d", i+1);
data/gretl-2020e/plugin/vif.c:333:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fmt[16];
data/gretl-2020e/plugin/vif.c:339:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(fmt, "%%%d.3f", len);
data/gretl-2020e/plugin/vif.c:430:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fmt[16];
data/gretl-2020e/plugin/vif.c:436:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(fmt, "%%%d.3f", sp);
data/gretl-2020e/plugin/vif.c:473:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char pname[VNAMELEN];
data/gretl-2020e/plugin/xlsx_import.c:60:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char sheetfile[FILENAME_MAX];
data/gretl-2020e/plugin/xlsx_import.c:61:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char stringsfile[FILENAME_MAX];
data/gretl-2020e/plugin/xlsx_import.c:149:6:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	n = atoi(tmp);
data/gretl-2020e/plugin/xlsx_import.c:259:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	int i = atoi(idx);
data/gretl-2020e/plugin/xlsx_import.c:291:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char colref[8];
data/gretl-2020e/plugin/xlsx_import.c:305:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    *row = atoi(s + i--);
data/gretl-2020e/plugin/xlsx_import.c:571:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char c, cref[8] = {0};
data/gretl-2020e/plugin/xlsx_import.c:598:42:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		    gchar *tmp = g_strdup_printf("%d", atoi(s) + k);
data/gretl-2020e/plugin/xlsx_import.c:943:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(xinfo->dset->varname[i], "v%d", i);
data/gretl-2020e/plugin/xlsx_import.c:989:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(xinfo->stringsfile, "xl%csharedStrings.xml", SLASH);
data/gretl-2020e/plugin/xlsx_import.c:1355:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		insheet_idx = atoi(insheet) - 1;
data/gretl-2020e/plugin/xlsx_import.c:1501:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		date_min = date_max = atoi(dset->S[t]);
data/gretl-2020e/plugin/xlsx_import.c:1504:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    d = atoi(dset->S[t]);
data/gretl-2020e/plugin/xlsx_import.c:1511:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    d = atoi(dset->S[t]) - atoi(dset->S[t-1]);
data/gretl-2020e/plugin/xlsx_import.c:1511:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    d = atoi(dset->S[t]) - atoi(dset->S[t-1]);
data/gretl-2020e/plugin/xlsx_import.c:1522:7:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			t, atoi(dset->S[t]), atoi(dset->S[t-1]), d);
data/gretl-2020e/plugin/xlsx_import.c:1522:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			t, atoi(dset->S[t]), atoi(dset->S[t-1]), d);
data/gretl-2020e/plugin/xlsx_import.c:1589:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char datestr[OBSLEN];
data/gretl-2020e/plugin/xlsx_import.c:1593:36:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    MS_excel_date_string(datestr, atoi(dset->S[t]), 0, 0);
data/gretl-2020e/plugin/xlsx_import.c:1663:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char dname[32];
data/gretl-2020e/plugin/zipunzip/zipfile.c:152:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char b[CENHEAD];            /* buffer for central headers */
data/gretl-2020e/plugin/zipunzip/zipfile.c:153:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[4096 + 4];         /* temp buffer */
data/gretl-2020e/plugin/zipunzip/zipfile.c:398:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char buf2[16];
data/gretl-2020e/plugin/zipunzip/zipmain.c:180:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char zerrbuf[ZERRLEN];
data/gretl-2020e/plugin/zipunzip/zipmain.c:191:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(zerrbuf, "zip error %d", err);
data/gretl-2020e/plugin/zipunzip/zipmain.c:212:6:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	    strcat(zerrbuf, " (");
data/gretl-2020e/plugin/zipunzip/zipmain.c:297:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(templ, "ziXXXXXX");
data/gretl-2020e/plugin/zipunzip/zipmain.c:522:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tempzip[FILENAME_MAX]; /* name for temporary zipfile */
data/gretl-2020e/plugin/zipunzip/zipmain.c:1076:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tempzip[FILENAME_MAX]; /* filename for temp zipfile */
data/gretl-2020e/plugin/zipunzip/zipwork.c:539:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *dtarg, dirname[FILENAME_MAX];
data/gretl-2020e/plugin/zipunzip/zsystem.c:39:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp[FNMAX];
data/gretl-2020e/plugin/zipunzip/zsystem.c:486:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(z->cextra, z->extra, EB_C_UT_SIZE);
data/gretl-2020e/plugin/zipunzip/zsystem.c:488:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(z->cextra + EB_C_UT_SIZE, z->extra + EB_L_UT_SIZE, EB_C_UX2_SIZE);
data/gretl-2020e/share/bcih/mkbin.c:24:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char datpath[512];
data/gretl-2020e/share/bcih/mkbin.c:48:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fdat = fopen(datpath, "r");
data/gretl-2020e/share/bcih/mkbin.c:54:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fbin = fopen(binfile, "wb");
data/gretl-2020e/tests/nist-nls/nist-nls-test.c:22:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[8];
data/gretl-2020e/tests/nist-nls/nist-nls-test.c:30:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char datname[32];
data/gretl-2020e/tests/nist-nls/nist-nls-test.c:34:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char model_spec[256];
data/gretl-2020e/tests/nist-nls/nist-nls-test.c:60:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char worst_coeff_name[16];
data/gretl-2020e/tests/nist-nls/nist-nls-test.c:61:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char worst_sderr_name[16];
data/gretl-2020e/tests/nist-nls/nist-nls-test.c:287:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(line, "params ");
data/gretl-2020e/tests/nist-nls/nist-nls-test.c:425:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[64];
data/gretl-2020e/tests/nist-nls/nist-nls-test.c:443:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(datainfo->varname[2], "x1");
data/gretl-2020e/tests/nist-nls/nist-nls-test.c:444:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(datainfo->varname[3], "x2");
data/gretl-2020e/tests/nist-nls/nist-nls-test.c:475:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[128];
data/gretl-2020e/tests/nist-nls/nist-nls-test.c:517:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[128];
data/gretl-2020e/tests/nist-nls/nist-nls-test.c:552:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(tester.datname, "No data");
data/gretl-2020e/tests/nist-nls/nist-nls-test.c:553:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(tester.model_spec, "nls ");
data/gretl-2020e/tests/nist-nls/nist-nls-test.c:572:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[128];
data/gretl-2020e/tests/nist-nls/nist-nls-test.c:686:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(datainfo->varname[1], "log_y_");
data/gretl-2020e/tests/nist-nls/nist-nls-test.c:748:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char v1[48], v2[48];
data/gretl-2020e/tests/nist-nls/nist-nls-test.c:761:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(v1, "%#.*g", CHECK_DIGITS, tester.coeffs[i].val);
data/gretl-2020e/tests/nist-nls/nist-nls-test.c:762:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(v2, "%#.*g", CHECK_DIGITS, pmod->coeff[j]);
data/gretl-2020e/tests/nist-nls/nist-nls-test.c:773:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(v1, "%#.*g", CHECK_DIGITS, tester.coeffs[i].sderr);
data/gretl-2020e/tests/nist-nls/nist-nls-test.c:774:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(v2, "%#.*g", CHECK_DIGITS, pmod->sderr[j]);
data/gretl-2020e/tests/nist-nls/nist-nls-test.c:788:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char v1[48], v2[48];
data/gretl-2020e/tests/nist-nls/nist-nls-test.c:798:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(v1, "%#.*g", digits, tester.coeffs[i].val);
data/gretl-2020e/tests/nist-nls/nist-nls-test.c:799:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(v2, "%#.*g", digits, pmod->coeff[j]);
data/gretl-2020e/tests/nist-nls/nist-nls-test.c:802:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char s[32];
data/gretl-2020e/tests/nist-nls/nist-nls-test.c:809:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(v1, "%#.*g", digits, tester.coeffs[i].sderr);
data/gretl-2020e/tests/nist-nls/nist-nls-test.c:810:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(v2, "%#.*g", digits, pmod->sderr[j]);
data/gretl-2020e/tests/nist-nls/nist-nls-test.c:813:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char s[32];
data/gretl-2020e/tests/nist-nls/nist-nls-test.c:857:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[512];
data/gretl-2020e/tests/nist-nls/nist-nls-test.c:1007:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[32];
data/gretl-2020e/tests/nist-nls/nist-nls-test.c:1010:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fp = fopen(datlist, "r");
data/gretl-2020e/tests/nistcheck.c:44:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char datadir[FILENAME_MAX];
data/gretl-2020e/tests/nistcheck.c:130:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char numstr[64];
data/gretl-2020e/tests/nistcheck.c:140:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(dset->varname[i], "x%d", i - 1);
data/gretl-2020e/tests/nistcheck.c:175:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[MAXLEN];
data/gretl-2020e/tests/nistcheck.c:303:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *p, line[MAXLEN], difficulty[48];
data/gretl-2020e/tests/nistcheck.c:476:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(dset->varname[i+1], "x^%d", i);
data/gretl-2020e/tests/nistcheck.c:495:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char label[32];
data/gretl-2020e/tests/nistcheck.c:504:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(label, "B[%d]", i);
data/gretl-2020e/tests/nistcheck.c:510:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(label, "Std.Err.");
data/gretl-2020e/tests/nistcheck.c:640:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char label[24];
data/gretl-2020e/tests/nistcheck.c:643:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(label, "B[%d] estimate", i);
data/gretl-2020e/tests/rng/gretltest.c:46:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    sz = atoi(s + 7);
data/gretl-2020e/utils/FRB/frb2db.c:36:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[16];
data/gretl-2020e/utils/FRB/frb2db.c:37:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char descrip[128];
data/gretl-2020e/utils/FRB/frb2db.c:58:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    return atoi(s) == 129; /* see frb_common.xsd */
data/gretl-2020e/utils/FRB/frb2db.c:183:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp[256] = {0};
data/gretl-2020e/utils/FRB/frb2db.c:270:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *p, tmp[64];
data/gretl-2020e/utils/FRB/frb2db.c:469:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fidx = fopen("fedbog.idx", "w");
data/gretl-2020e/utils/FRB/frb2db.c:470:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fbin = fopen("fedbog.bin", "wb");
data/gretl-2020e/utils/FRED/fred2db.c:61:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char sername[MAXNAME]; /* current series name, if applicable */
data/gretl-2020e/utils/FRED/fred2db.c:62:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char stobs[OBSLEN];    /* current starting obs, if applicable */
data/gretl-2020e/utils/FRED/fred2db.c:65:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char API_KEY[33];
data/gretl-2020e/utils/FRED/fred2db.c:96:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[32], vname[16];
data/gretl-2020e/utils/FRED/fred2db.c:101:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fp = fopen(fname, "r");
data/gretl-2020e/utils/FRED/fred2db.c:179:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(targ, "%d", y);
data/gretl-2020e/utils/FRED/fred2db.c:182:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(targ, "%d.%d", y, (int) ceil(m / 3.0));
data/gretl-2020e/utils/FRED/fred2db.c:185:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(targ, "%d.%02d", y, m);
data/gretl-2020e/utils/FRED/fred2db.c:235:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char obs[16];
data/gretl-2020e/utils/FRED/fred2db.c:246:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	fb->nobs = atoi((const char *) count);
data/gretl-2020e/utils/FRED/fred2db.c:318:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    return strcpy(targ, "gdpdef");
data/gretl-2020e/utils/FRED/fred2db.c:320:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    return strcpy(targ, "gdppidxca");
data/gretl-2020e/utils/FRED/fred2db.c:322:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    return strcpy(targ, "gdppidxq");
data/gretl-2020e/utils/FRED/fred2db.c:339:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	return strcpy(targ, "A191RD3A086NBEA");
data/gretl-2020e/utils/FRED/fred2db.c:341:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	return strcpy(targ, "A191RG3A086NBEA");
data/gretl-2020e/utils/FRED/fred2db.c:343:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	return strcpy(targ, "A191RG3Q086SBEA");
data/gretl-2020e/utils/FRED/fred2db.c:400:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char stobs[16], endobs[16], sername[32];
data/gretl-2020e/utils/FRED/fred2db.c:518:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(fb->buf + fb->size, buf, gotsize);
data/gretl-2020e/utils/FRED/fred2db.c:535:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char url[1024];
data/gretl-2020e/utils/FRED/fred2db.c:591:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fp = fopen(fname, "r");
data/gretl-2020e/utils/FRED/fred2db.c:598:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char line[64];
data/gretl-2020e/utils/FRED/fred2db.c:617:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp[32];
data/gretl-2020e/utils/FRED/fred2db.c:630:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fidx = fopen("fedstl.idx", "w");
data/gretl-2020e/utils/FRED/fred2db.c:631:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fbin = fopen("fedstl.bin", "wb");
data/gretl-2020e/utils/dbzip/gretlzip.c:40:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char timebuf[32];
data/gretl-2020e/utils/dbzip/gretlzip.c:43:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(timebuf, "%4d%02d%02d", 
data/gretl-2020e/utils/dbzip/gretlzip.c:128:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp[40];
data/gretl-2020e/utils/dbzip/gretlzip.c:129:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char idxname[MAXLEN], binname[MAXLEN], cbname[MAXLEN];
data/gretl-2020e/utils/dbzip/gretlzip.c:131:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char gzbuf[BUFSIZE];
data/gretl-2020e/utils/dbzip/gretlzip.c:137:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(gzname, ".gz");
data/gretl-2020e/utils/dbzip/gretlzip.c:139:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fidx = fopen(idxname, "rb");
data/gretl-2020e/utils/dbzip/gretlzip.c:145:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fbin = fopen(binname, "rb");
data/gretl-2020e/utils/dbzip/gretlzip.c:152:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fcb = fopen(cbname, "rb");
data/gretl-2020e/utils/dbzip/gretlzip.c:160:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fcb = fopen(cbname, "rb");
data/gretl-2020e/utils/dbzip/gretlzip.c:188:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(tmp, "%8lu ", fbuf.st_size);
data/gretl-2020e/utils/dbzip/gretlzip.c:240:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char idxname[MAXLEN], binname[MAXLEN], cbname[MAXLEN];
data/gretl-2020e/utils/dbzip/gretlzip.c:241:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char gzbuf[BUFSIZE];
data/gretl-2020e/utils/dbzip/gretlzip.c:246:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(fname, ".gz");
data/gretl-2020e/utils/dbzip/gretlzip.c:352:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fname[MAXLEN], outname[MAXLEN], infobuf[INFOLEN];
data/gretl-2020e/utils/scriptfix/scriptfix.c:76:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fixup[LLEN];
data/gretl-2020e/utils/scriptfix/scriptfix.c:260:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[LLEN], orig[LLEN];
data/gretl-2020e/utils/scriptfix/scriptfix.c:261:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char funcname[32];
data/gretl-2020e/utils/scriptfix/scriptfix.c:262:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char pkgver[16];
data/gretl-2020e/utils/scriptfix/scriptfix.c:263:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char pkgdate[16];
data/gretl-2020e/utils/scriptfix/scriptfix.c:290:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fp = fopen(fname, "rb");
data/gretl-2020e/utils/scriptfix/scriptfix.c:297:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fq = fopen(fixname, "w");
data/gretl-2020e/cli/complete.c:33:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    char *r = malloc(strlen(s) + 1);
data/gretl-2020e/cli/gretlcli-mpi.c:185:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = strlen(line);
data/gretl-2020e/cli/gretlcli-mpi.c:275:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	memmove(s->line, s->more, strlen(s->more) + 1);
data/gretl-2020e/cli/gretlcli-mpi.c:302:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    if (strlen(line) + strlen(tmp) > MAXLINE - 1) {
data/gretl-2020e/cli/gretlcli-mpi.c:302:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    if (strlen(line) + strlen(tmp) > MAXLINE - 1) {
data/gretl-2020e/cli/gretlcli-mpi.c:585:6:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	    strncpy(datafile, fname, MAXLEN - 1);
data/gretl-2020e/cli/gretlcli-mpi.c:715:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(datafile, newfile, MAXLEN - 1);
data/gretl-2020e/cli/gretlcli.c:243:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = strlen(line);
data/gretl-2020e/cli/gretlcli.c:358:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    } else if (strlen(line_read) > MAXLINE - 2) {
data/gretl-2020e/cli/gretlcli.c:362:2:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	strncat(s->line, line_read, MAXLINE - 2);
data/gretl-2020e/cli/gretlcli.c:363:2:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	strcat(s->line, "\n");
data/gretl-2020e/cli/gretlcli.c:380:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	memmove(s->line, s->more, strlen(s->more) + 1);
data/gretl-2020e/cli/gretlcli.c:424:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    if (strlen(line) + strlen(tmp) > MAXLINE - 1) {
data/gretl-2020e/cli/gretlcli.c:424:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    if (strlen(line) + strlen(tmp) > MAXLINE - 1) {
data/gretl-2020e/cli/gretlcli.c:458:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    if (strlen(tmp) > MAXLINE - 1) {
data/gretl-2020e/cli/gretlcli.c:926:6:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	    strncpy(datafile, fname, MAXLEN - 1);
data/gretl-2020e/cli/gretlcli.c:1068:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(datafile, newfile, MAXLEN - 1);
data/gretl-2020e/dcmt/dc.h:27:20:  [1] (access) umask:
  Ensure that umask is given most restrictive possible setting (e.g., 066 or
  077) (CWE-732).
    uint32_t wmask,umask,lmask;
data/gretl-2020e/dcmt/genmtrand.c:64:13:  [1] (access) umask:
  Ensure that umask is given most restrictive possible setting (e.g., 066 or
  077) (CWE-732).
	uuu = mts->umask; lll = mts->lmask;
data/gretl-2020e/dcmt/prescr.c:469:2:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	getchar();
data/gretl-2020e/dcmt/seive.c:374:23:  [1] (access) umask:
  Ensure that umask is given most restrictive possible setting (e.g., 066 or
  077) (CWE-732).
    dst->umask = src->umask;
data/gretl-2020e/gui/calculator.c:955:5:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
    strncat(s, text, 31);
data/gretl-2020e/gui/calculator.c:3177:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int n = strlen(s) + 1;
data/gretl-2020e/gui/clipboard.c:177:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			       strlen(clipboard_buf));
data/gretl-2020e/gui/cmdstack.c:140:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (s[strlen(s)-1] != '\n') {
data/gretl-2020e/gui/cmdstack.c:251:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int n = strlen(s);
data/gretl-2020e/gui/cmdstack.c:285:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(line) < maxline) {
data/gretl-2020e/gui/cmdstack.c:300:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    p += strlen(buf);
data/gretl-2020e/gui/cmdstack.c:334:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int n = strlen(s);
data/gretl-2020e/gui/cmdstack.c:367:5:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
    strncat(test, s, 5);
data/gretl-2020e/gui/cmdstack.c:392:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(s) > 2 && *s != '#' &&
data/gretl-2020e/gui/console.c:500:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(targ) + strlen(src) + 1 > MAXLINE) {
data/gretl-2020e/gui/console.c:500:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(targ) + strlen(src) + 1 > MAXLINE) {
data/gretl-2020e/gui/console.c:522:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t n = strlen(s);
data/gretl-2020e/gui/database.c:157:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t n = strlen(buf);
data/gretl-2020e/gui/database.c:1376:2:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
	sscanf(str, "%c %10s - %10s %*s = %d",
data/gretl-2020e/gui/database.c:1453:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = strlen(line1);
data/gretl-2020e/gui/database.c:1469:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	n = strlen(sername);
data/gretl-2020e/gui/database.c:1531:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	n = strlen(sername);
data/gretl-2020e/gui/database.c:1856:6:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
	if (sscanf(tmp, "%c %10s %*s %10s %*s %*s %d",
data/gretl-2020e/gui/database.c:3025:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    if (*tmp == '#' && strlen(tmp) > 2) {
data/gretl-2020e/gui/database.c:3112:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = strlen(fname);
data/gretl-2020e/gui/database.c:3219:9:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
    if (sscanf(line, "%*s%*s%3s%2d%8s%4d%31s",
data/gretl-2020e/gui/database.c:3268:5:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
    strncat(src, s, 95);
data/gretl-2020e/gui/database.c:3835:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    doc = xmlParseMemory(getbuf, strlen(getbuf));
data/gretl-2020e/gui/datafiles.c:122:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int n = strlen(s1);
data/gretl-2020e/gui/datafiles.c:326:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    size_t len = strlen(dname);
data/gretl-2020e/gui/datafiles.c:915:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	n = strlen(line);
data/gretl-2020e/gui/datafiles.c:1981:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (s != NULL && strlen(s) < 48) {
data/gretl-2020e/gui/datafiles.c:2360:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	n = strlen(fname) - 4;
data/gretl-2020e/gui/datafiles.c:2385:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int n = strlen(path) - 9;
data/gretl-2020e/gui/datafiles.c:2536:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    gchar *pkgname = g_strndup(shortname, strlen(shortname) - 4);
data/gretl-2020e/gui/datafiles.c:2712:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t n = strlen(p0);
data/gretl-2020e/gui/datafiles.c:2714:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(p1) > n && !strncmp(p1, p0, n) &&
data/gretl-2020e/gui/datawiz.c:336:2:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
	strcpy(dwinfo->stobs, "1");
data/gretl-2020e/gui/datawiz.c:608:2:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	strcat(ctxt, "\n");
data/gretl-2020e/gui/datawiz.c:660:3:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
		strcat(dwinfo->stobs, "0");
data/gretl-2020e/gui/datawiz.c:662:6:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	    strcat(dwinfo->stobs, "1");
data/gretl-2020e/gui/datawiz.c:664:6:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
	    strcpy(dwinfo->stobs, "1");
data/gretl-2020e/gui/datawiz.c:667:2:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
	strcpy(dwinfo->stobs, "1");
data/gretl-2020e/gui/datawiz.c:697:6:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
	    strcpy(dwinfo->stobs, "1");
data/gretl-2020e/gui/dialogs.c:352:5:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
    strncat(s, str, 31);
data/gretl-2020e/gui/dialogs.c:5450:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(err) >= MAXLEN) {
data/gretl-2020e/gui/dialogs.c:5451:9:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
        strncat(msg, err, MAXLEN - 4);
data/gretl-2020e/gui/dialogs.c:5483:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(info) >= MAXLEN) {
data/gretl-2020e/gui/dialogs.c:5484:9:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
        strncat(msg, info, MAXLEN - 4);
data/gretl-2020e/gui/dialogs.c:5511:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(warn) >= MAXLEN) {
data/gretl-2020e/gui/dialogs.c:5512:9:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
        strncat(msg, warn, MAXLEN - 4);
data/gretl-2020e/gui/dialogs.c:5714:17:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
                strcat(fmt, "|");
data/gretl-2020e/gui/dialogs.c:5743:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int n = strlen(s);
data/gretl-2020e/gui/dialogs.c:6122:9:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
        strncat(pcname, vname, VNAMELEN - 4);
data/gretl-2020e/gui/dialogs.c:6125:9:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
        strncat(pcname, vname, VNAMELEN - 5);
data/gretl-2020e/gui/dlgutils.c:1336:59:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    gtk_editable_select_region(GTK_EDITABLE(d->edit), 0, strlen(deflt));
data/gretl-2020e/gui/filelists.c:177:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    len = strlen(file_sections[i]);
data/gretl-2020e/gui/filelists.c:364:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (cwd != NULL && strlen(cwd) + strlen(fname) < len - 1) {
data/gretl-2020e/gui/filelists.c:364:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (cwd != NULL && strlen(cwd) + strlen(fname) < len - 1) {
data/gretl-2020e/gui/filelists.c:369:2:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	strncat(fullname, fname, len);
data/gretl-2020e/gui/fileselect.c:516:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(sfx) == 4 ||
data/gretl-2020e/gui/fileselect.c:541:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (sfx != NULL && (strlen(sfx) == 4 || !strcmp(sfx, ".gnumeric"))) {
data/gretl-2020e/gui/fileselect.c:747:2:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
	strcpy(suffix, "*");
data/gretl-2020e/gui/filters.c:199:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen(targ);
data/gretl-2020e/gui/filters.c:200:5:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
    strncat(targ, finfo->vname, VNAMELEN - len - 1);
data/gretl-2020e/gui/filters.c:1249:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    s = fcmd + strlen(fcmd);
data/gretl-2020e/gui/filters.c:1277:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	s = fcmd + strlen(fcmd);
data/gretl-2020e/gui/filters.c:1280:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	s = fcmd + strlen(fcmd);
data/gretl-2020e/gui/filters.c:1285:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	s = fcmd + strlen(fcmd);
data/gretl-2020e/gui/filters.c:1288:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	s = fcmd + strlen(fcmd);
data/gretl-2020e/gui/fncall.c:398:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    int i, len = strlen(s);
data/gretl-2020e/gui/fncall.c:1132:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	ndec = strlen(p + 1);
data/gretl-2020e/gui/fncall.c:1883:6:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
	    strcpy(auxname, "&");
data/gretl-2020e/gui/fncall.c:1964:5:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
    strcat(line, "(");
data/gretl-2020e/gui/fncall.c:1980:5:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
    strcat(line, ")");
data/gretl-2020e/gui/fncall.c:2797:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		*local_path = calloc(strlen(tmp) + 5, 1);
data/gretl-2020e/gui/fncall.c:3404:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    gpi->menupath = malloc(9 + strlen(relpath));
data/gretl-2020e/gui/fncall.c:3647:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	fixed_label = malloc(strlen(item.label) + n + 1);
data/gretl-2020e/gui/fnsave.c:260:5:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
    strcat(fname, ".");
data/gretl-2020e/gui/fnsave.c:575:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (!isdigit(*s) || (*s && !isdigit(s[strlen(s) - 1]))) {
data/gretl-2020e/gui/fnsave.c:915:5:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
    strncat(word, s, n);
data/gretl-2020e/gui/fnsave.c:933:6:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	    strncat(newname, s, n);
data/gretl-2020e/gui/fnsave.c:1167:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    retsize = strlen(buf) + 5;
data/gretl-2020e/gui/fnsave.c:1197:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    n = strlen(ret);
data/gretl-2020e/gui/fnsave.c:1866:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (finfo->help != NULL && strlen(finfo->help) > 128) {
data/gretl-2020e/gui/fnsave.c:2052:2:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	strcat(vstr, ")");
data/gretl-2020e/gui/fnsave.c:2240:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len += strlen(tag_lookups[i].label) + 8;
data/gretl-2020e/gui/fnsave.c:2252:6:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	    strcat(s, "\n");
data/gretl-2020e/gui/fnsave.c:2294:6:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	    strcat(newtags, " ");
data/gretl-2020e/gui/fnsave.c:2364:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    if (n_tags > j && !strncmp(line, S[j], strlen(S[j]))) {
data/gretl-2020e/gui/fnsave.c:2538:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	s += strlen(word) + 1;
data/gretl-2020e/gui/fnsave.c:4405:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	n = strlen(p) - (fullpath ? 4 : 0);
data/gretl-2020e/gui/fnsave.c:4699:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int n = strlen(finfo->sample);
data/gretl-2020e/gui/fnsave.c:4872:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int n = strlen(s);
data/gretl-2020e/gui/gfn_arglists.c:89:6:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	    strncat(a->pkgname, pkgname, 31);
data/gretl-2020e/gui/gpt_control.c:1081:7:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		if (read(err_fd, buf, 127) > 0) {
data/gretl-2020e/gui/gpt_control.c:1304:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t i, n = strlen(str);
data/gretl-2020e/gui/gpt_control.c:1464:8:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
		nf = sscanf(s, "%31s %31s %31s %31s %31s", test[0], test[1], test[2],
data/gretl-2020e/gui/gpt_control.c:1467:8:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
		nf = sscanf(s, "%31s %31s %31s %31s", test[0], test[1], test[2], test[3]);
data/gretl-2020e/gui/gpt_control.c:1469:8:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
		nf = sscanf(s, "%31s %31s %31s", test[0], test[1], test[2]);
data/gretl-2020e/gui/gpt_control.c:1471:8:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
		nf = sscanf(s, "%31s %31s", test[0], test[1]);
data/gretl-2020e/gui/gpt_control.c:1584:6:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
	    sscanf(s, "%31s", test);
data/gretl-2020e/gui/gpt_control.c:1593:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    s += strlen(test);
data/gretl-2020e/gui/gpt_control.c:1793:9:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
    n = sscanf(s, "%2s %lf", axis, &base);
data/gretl-2020e/gui/gpt_control.c:1834:10:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
	    n = sscanf(s, "%15s", fmt);
data/gretl-2020e/gui/gpt_control.c:1845:6:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	    strncat(spec->timefmt, fmt, 15);
data/gretl-2020e/gui/gpt_control.c:1848:6:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	    strncat(spec->xfmt, fmt, 15);
data/gretl-2020e/gui/gpt_control.c:1851:6:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	    strncat(spec->yfmt, fmt, 15);
data/gretl-2020e/gui/gpt_control.c:1872:2:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	strncat(targ, src, maxlen - 1);
data/gretl-2020e/gui/gpt_control.c:1873:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	n = strlen(targ);
data/gretl-2020e/gui/gpt_control.c:1908:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int n = strlen(s);
data/gretl-2020e/gui/gpt_control.c:1927:9:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
    if (sscanf(s + 6, "%15s", key) != 1) {
data/gretl-2020e/gui/gpt_control.c:1959:2:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	strncat(spec->xtics, val, sizeof(spec->xtics) - 1);
data/gretl-2020e/gui/gpt_control.c:1984:3:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
		strncat(test, s, len);
data/gretl-2020e/gui/gpt_control.c:2021:6:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
	if (sscanf(p, "%19s", lc)) {
data/gretl-2020e/gui/gpt_control.c:2101:9:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
    if (sscanf(s + 4, "%11s", key) != 1) {
data/gretl-2020e/gui/gpt_control.c:2162:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (catch_value(val, s + 4 + strlen(key), MAXLEN)) {
data/gretl-2020e/gui/gpt_control.c:2176:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (!catch_value(val, s + 4 + strlen(key), MAXLEN)) {
data/gretl-2020e/gui/gpt_control.c:2220:2:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	strncat(spec->mxtics, val, sizeof(spec->mxtics) - 1);
data/gretl-2020e/gui/gpt_control.c:2223:2:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	strncat(spec->ytics, val, sizeof(spec->ytics) - 1);
data/gretl-2020e/gui/gpt_control.c:2228:6:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	    strncat(spec->border_lc, extra + 8, 7);
data/gretl-2020e/gui/gpt_control.c:2336:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    if (!strncmp(line, eod, strlen(eod))) {
data/gretl-2020e/gui/gpt_control.c:2344:7:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
		if (sscanf(p + 1, "%8s", test) == 1) {
data/gretl-2020e/gui/gpt_control.c:2371:11:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
		    if (sscanf(p + 1, "%11s", test) == 1) {
data/gretl-2020e/gui/gpt_control.c:2509:2:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
	sscanf(src + 1, "%7s", targ);
data/gretl-2020e/gui/gpt_control.c:2684:6:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	    strncat(line->formula, s, p - s);
data/gretl-2020e/gui/gpt_control.c:2864:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			s += strlen(id);
data/gretl-2020e/gui/gpt_control.c:3310:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    if (!strncmp(gpline, eod, strlen(eod))) {
data/gretl-2020e/gui/gpt_control.c:3321:3:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	(strlen(gpline) < 10 && bufgets(gpline, MAXLEN - 1, buf) == NULL)) {
data/gretl-2020e/gui/gpt_control.c:3981:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    if (strlen(label) + strlen(label_y) < sizeof label) {
data/gretl-2020e/gui/gpt_control.c:3981:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    if (strlen(label) + strlen(label_y) < sizeof label) {
data/gretl-2020e/gui/gpt_control.c:4065:2:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	strncat(tmp, line, p - line + 7);
data/gretl-2020e/gui/gpt_dialog.c:475:2:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	strncat(targ, s, n - 1);
data/gretl-2020e/gui/gpt_dialog.c:699:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    gtk_editable_select_region(GTK_EDITABLE(w), 0, strlen(s));
data/gretl-2020e/gui/gpt_dialog.c:738:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		gtk_editable_select_region(GTK_EDITABLE(entry), 0, strlen(s));
data/gretl-2020e/gui/gpt_dialog.c:2131:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int rem = GP_MAXFORMULA - strlen(s);
data/gretl-2020e/gui/graph_page.c:63:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    gpage_base[strlen(gpage_base) - 4] = '\0';
data/gretl-2020e/gui/graph_page.c:65:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    gpage_base[strlen(gpage_base) - 3] = '\0';
data/gretl-2020e/gui/graph_page.c:80:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int n = strlen(gpage_base);
data/gretl-2020e/gui/graph_page.c:86:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	n += strlen(num);
data/gretl-2020e/gui/graph_page.c:90:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	n += strlen(ext);
data/gretl-2020e/gui/graph_page.c:665:5:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
    strncat(test, p, 3);
data/gretl-2020e/gui/graph_page.c:673:2:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	strncat(latex, tmp, len0);
data/gretl-2020e/gui/graph_page.c:679:2:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	strncat(latex, tmp, len0);
data/gretl-2020e/gui/gretl.c:1163:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(s) == strlen(numstr)) {
data/gretl-2020e/gui/gretl.c:1163:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(s) == strlen(numstr)) {
data/gretl-2020e/gui/gretl.c:2488:2:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	strlen(dfname) <= 5 || strncmp(dfname, "file:", 5)) {
data/gretl-2020e/gui/gretl.c:2501:2:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	strncat(tmp, dfname + skip, pos - skip);
data/gretl-2020e/gui/gretlwin32.c:362:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    sz = strlen(winbuf) + 1;
data/gretl-2020e/gui/gretlwin32.c:871:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen(oldname);
data/gretl-2020e/gui/gretlwin32.c:877:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen(newname);
data/gretl-2020e/gui/gretlwin32.c:1004:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    ret = DdeClientTransaction((LPBYTE) buf, strlen(buf) + 1,
data/gretl-2020e/gui/gretlwin32.c:1034:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    buf = calloc(strlen(fname) + strlen(dest) + 32, 1);
data/gretl-2020e/gui/gretlwin32.c:1034:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    buf = calloc(strlen(fname) + strlen(dest) + 32, 1);
data/gretl-2020e/gui/gtkfontselhack.c:948:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	p = buffer + strlen (buffer) - 1;
data/gretl-2020e/gui/gui_recode.c:86:11:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    gsize read, wrote;
data/gretl-2020e/gui/gui_recode.c:105:5:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
			&read, &wrote, &err);
data/gretl-2020e/gui/gui_recode.c:108:5:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
			&read, &wrote, &err);
data/gretl-2020e/gui/gui_recode.c:111:5:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
			&read, &wrote, NULL);
data/gretl-2020e/gui/gui_recode.c:133:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(line) < 512 - 5) {
data/gretl-2020e/gui/gui_recode.c:150:7:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
		if (sscanf(s, "%31s %5s", fname, fsize) == 2) {
data/gretl-2020e/gui/gui_recode.c:153:7:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
		    strcat(tmp, ",");
data/gretl-2020e/gui/gui_recode.c:162:3:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
		strcat(tmp, "\n");
data/gretl-2020e/gui/gui_utils.c:885:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int n = strlen(dest);
data/gretl-2020e/gui/gui_utils.c:3468:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (p != NULL && strlen(p) == 7) {
data/gretl-2020e/gui/gui_utils.c:4549:5:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
    sscanf(s, "%*s %8s", cmdword);
data/gretl-2020e/gui/gui_utils.c:5590:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int i, n = strlen(name);
data/gretl-2020e/gui/gui_utils.c:5918:6:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
	n = sscanf(Rcommand, "%63s %31s %31s", s0, s1, s2);
data/gretl-2020e/gui/gui_utils.c:5992:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    if (strlen(errout) < MAXLEN) {
data/gretl-2020e/gui/gui_utils.c:5999:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    if (strlen(sout) < MAXLEN) {
data/gretl-2020e/gui/guiprint.c:100:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    n = strlen(s);
data/gretl-2020e/gui/guiprint.c:228:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	TextOut(dc, x, px / 8, hdr, strlen(hdr));
data/gretl-2020e/gui/guiprint.c:2523:5:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
    strncat(texbase, texfile, dot);
data/gretl-2020e/gui/helpfiles.c:411:10:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
	    if (sscanf(s+2, "%31s %47s", word, sect) == 2) {
data/gretl-2020e/gui/helpfiles.c:794:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int k, n = strlen(s);
data/gretl-2020e/gui/helpfiles.c:1381:5:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
    strncat(word, s, 15);
data/gretl-2020e/gui/helpfiles.c:1584:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int hlen = strlen(haystack);
data/gretl-2020e/gui/helpfiles.c:1585:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int nlen = strlen(needle);
data/gretl-2020e/gui/helpfiles.c:1614:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int n = strlen(s);
data/gretl-2020e/gui/join-gui.c:873:6:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	    strcat(optstr, ",");
data/gretl-2020e/gui/join-gui.c:887:6:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	    strcat(optstr, ",");
data/gretl-2020e/gui/join-gui.c:890:6:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	    strcat(optstr, ",");
data/gretl-2020e/gui/library.c:179:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int n = MAXLINE - strlen(libline) - 1;
data/gretl-2020e/gui/library.c:182:2:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	strncat(libline, s, n);
data/gretl-2020e/gui/library.c:3591:6:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
	    sscanf(s, "%31s", name);
data/gretl-2020e/gui/library.c:3624:9:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
    n = sscanf(s, "%31s %31s", s1, s2);
data/gretl-2020e/gui/library.c:3837:9:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
    if (sscanf(line, "%31s", word)) {
data/gretl-2020e/gui/library.c:3842:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    line += strlen(word);
data/gretl-2020e/gui/library.c:3979:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    len = strlen(bufline) + strlen(realline);
data/gretl-2020e/gui/library.c:3979:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    len = strlen(bufline) + strlen(realline);
data/gretl-2020e/gui/library.c:4267:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (p != NULL && strlen(p) == 3) {
data/gretl-2020e/gui/library.c:4491:24:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
    if (buf == NULL || sscanf(buf, "%31s %31s", yname, xname) != 2) {
data/gretl-2020e/gui/library.c:4949:5:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
    sscanf(buf, "%8s", cword);
data/gretl-2020e/gui/library.c:5069:2:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	strncat(word1, s, sppos);
data/gretl-2020e/gui/library.c:7886:3:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
		strcat(liststr, " ");
data/gretl-2020e/gui/library.c:8540:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (s[strlen(s)-1] != '\n') {
data/gretl-2020e/gui/library.c:8956:6:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	if (fgetc(fp) != EOF) {
data/gretl-2020e/gui/library.c:9223:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						strlen(path),
data/gretl-2020e/gui/library.c:9266:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    AECreateDesc(typeChar, opt, strlen(opt), &desc);
data/gretl-2020e/gui/library.c:9319:60:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    s = CFStringCreateWithBytes(NULL, (const UInt8 *) url, strlen(url),
data/gretl-2020e/gui/library.c:9455:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    n = strlen(line);
data/gretl-2020e/gui/library.c:9496:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	n = strlen(line);
data/gretl-2020e/gui/library.c:9597:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			    if (strlen(line) + strlen(tmp) > MAXLINE - 1) {
data/gretl-2020e/gui/library.c:9597:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			    if (strlen(line) + strlen(tmp) > MAXLINE - 1) {
data/gretl-2020e/gui/library.c:10113:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(datafile, myfile, MAXLEN - 1);
data/gretl-2020e/gui/library.c:10565:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	memmove(s->line, s->more, strlen(s->more) + 1);
data/gretl-2020e/gui/menustate.c:1122:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (strlen(datafile) > 2) {
data/gretl-2020e/gui/mklang.c:82:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int na = strlen(*sa);
data/gretl-2020e/gui/mklang.c:83:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int nb = strlen(*sb);
data/gretl-2020e/gui/model_table.c:568:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	} else if (strlen(pnames[i]) > namewidth) {
data/gretl-2020e/gui/model_table.c:758:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int len = strlen(s);
data/gretl-2020e/gui/model_table.c:945:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = strlen(pnames[i]);
data/gretl-2020e/gui/model_table.c:971:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    len = strlen(pmod->name);
data/gretl-2020e/gui/model_table.c:975:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    len = strlen(tmp);
data/gretl-2020e/gui/model_table.c:1038:6:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	    strncat(targ, pmod->name, 16);
data/gretl-2020e/gui/model_table.c:1047:6:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	    strncat(targ, pmod->name, 31);
data/gretl-2020e/gui/model_table.c:1054:6:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	    strncat(targ, pmod->name, 31);
data/gretl-2020e/gui/obsbutton.c:65:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int n = strlen(dset->endobs);
data/gretl-2020e/gui/selector.c:969:5:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
    strncat(varflag, s, 7);
data/gretl-2020e/gui/selector.c:2793:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    tmp = malloc(strlen(list) + 4);
data/gretl-2020e/gui/selector.c:2796:5:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
    sscanf(list, "%31s", istr);
data/gretl-2020e/gui/selector.c:2814:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t addlen = strlen(add);
data/gretl-2020e/gui/selector.c:3012:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = 1 + nlags * (strlen(vname) + 3);
data/gretl-2020e/gui/selector.c:3017:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len += strlen(tmp) + (li > 0);
data/gretl-2020e/gui/selector.c:8238:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int n = strlen(name);
data/gretl-2020e/gui/session.c:677:6:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	    strncat(tmp, oldname, p - oldname);
data/gretl-2020e/gui/session.c:691:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	n = MAXSAVENAME - strlen(num) - 1;
data/gretl-2020e/gui/session.c:693:2:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	strncat(tmp, tname, n);
data/gretl-2020e/gui/session.c:1295:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (q != NULL && strlen(q) == 6) {
data/gretl-2020e/gui/session.c:1314:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    n = strlen(tmp);
data/gretl-2020e/gui/session.c:1828:5:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
    strcpy(path, ".");
data/gretl-2020e/gui/session.c:1904:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int i, n = strlen(fname);
data/gretl-2020e/gui/session.c:1996:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen(fname);
data/gretl-2020e/gui/session.c:1998:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	dirname[strlen(dirname) - 6] = '\0';
data/gretl-2020e/gui/session.c:3692:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			   strlen(graph->fname));
data/gretl-2020e/gui/session.c:3793:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(name) > SHOWNAMELEN) {
data/gretl-2020e/gui/session.c:4212:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int len = 12, n = strlen(s) - g_utf8_strlen(s, -1);
data/gretl-2020e/gui/session.c:4225:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int len = 16, n = strlen(s) - g_utf8_strlen(s, -1);
data/gretl-2020e/gui/settings.c:403:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (s != NULL && strlen(s) < sizeof author_mail) {
data/gretl-2020e/gui/settings.c:1795:9:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
    if (sscanf(s, "%7s %7s", cstr[0], cstr[1]) == 2) {
data/gretl-2020e/gui/settings.c:1876:2:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	strncat(strvar, sval, rcvar->len - 1);
data/gretl-2020e/gui/settings.c:2230:7:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
		    strncat(strvar, val, rcvar->len - 1);
data/gretl-2020e/gui/settings.c:2266:10:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
	    if (sscanf(p, "%31s", key) == 1) {
data/gretl-2020e/gui/settings.c:2267:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		strcpy(linevar, p + strlen(key) + 3);
data/gretl-2020e/gui/settings.c:2284:5:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
				strncat(strvar, linevar, rc_vars[j].len - 1);
data/gretl-2020e/gui/settings.c:2341:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		strcpy(linevar, line + strlen(key) + 3);
data/gretl-2020e/gui/settings.c:2454:3:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
		strncat(strvar, value, rcvar->len - 1);
data/gretl-2020e/gui/settings.c:2494:10:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
	    if (sscanf(line, "%31s", key) == 1) {
data/gretl-2020e/gui/settings.c:2496:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		strncat(linevar, line + strlen(key) + 3, MAXLEN-1);
data/gretl-2020e/gui/settings.c:3138:2:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	strncat(tmp, str, MAXLEN - 2);
data/gretl-2020e/gui/settings.c:3287:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	n = strlen(prefix);
data/gretl-2020e/gui/ssheet.c:1038:5:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
    strncat(tmp, buf, 12);
data/gretl-2020e/gui/ssheet.c:1929:6:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	    strncat(tmpstr, sheet->rownames[i], 31);
data/gretl-2020e/gui/ssheet.c:2136:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    numlen = strlen(numstr);
data/gretl-2020e/gui/ssheet.c:2194:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		len = strlen(sheet->rownames[i]);
data/gretl-2020e/gui/ssheet.c:2301:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	n = (s != NULL)? strlen(s) : 0;
data/gretl-2020e/gui/ssheet.c:4174:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int n = strlen(s);
data/gretl-2020e/gui/tabwin.c:523:2:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	strlen(dfname) <= 5 || strncmp(dfname, "file:", 5)) {
data/gretl-2020e/gui/tabwin.c:536:2:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	strncat(tmp, dfname + skip, pos - skip);
data/gretl-2020e/gui/tabwin.c:792:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    modtext = g_strndup(text, strlen(text) - 2);
data/gretl-2020e/gui/textbuf.c:229:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int i, j = 0, n = strlen(s);
data/gretl-2020e/gui/textbuf.c:1787:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int n = strlen(key);
data/gretl-2020e/gui/textbuf.c:2229:10:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
	    if (sscanf(s + 2, "%8s", word)) {
data/gretl-2020e/gui/textbuf.c:2236:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    n = 10 - strlen(word);
data/gretl-2020e/gui/textbuf.c:2284:17:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
	    } else if (sscanf(s + 2, "%10s", word)) {
data/gretl-2020e/gui/textbuf.c:2291:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    n = 12 - strlen(word);
data/gretl-2020e/gui/textbuf.c:2650:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (s != NULL && *s != '\0' && s[strlen(s)-1] != '\n') {
data/gretl-2020e/gui/textbuf.c:2821:9:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
    if (sscanf(s, "%*s <- %8s", word) != 1) {
data/gretl-2020e/gui/textbuf.c:2822:2:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
	sscanf(s, "%8s", word);
data/gretl-2020e/gui/textbuf.c:2875:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int i, n = strlen(s);
data/gretl-2020e/gui/textbuf.c:2894:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int i, n = strlen(s);
data/gretl-2020e/gui/textbuf.c:2904:5:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
    strcat(s, "\n");
data/gretl-2020e/gui/textbuf.c:3266:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int i, n = strlen(s);
data/gretl-2020e/gui/textbuf.c:3285:6:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
	if (sscanf(s, "%*s <- %8s", word) != 1) {
data/gretl-2020e/gui/textbuf.c:3286:6:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
	    sscanf(s, "%8s", word);
data/gretl-2020e/gui/textbuf.c:3338:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (i == 0 && s[strlen(s)-1] == ')') {
data/gretl-2020e/gui/textbuf.c:3410:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	ret = strspn(chunk, " \t") == strlen(chunk);
data/gretl-2020e/gui/textbuf.c:3430:6:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
	    sscanf(s, "%8s", thisword);
data/gretl-2020e/gui/textbuf.c:3503:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    ret = strspn(chunk, " \t\n") == strlen(chunk);
data/gretl-2020e/gui/textbuf.c:3562:2:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
	sscanf(s, "%8s", thisword);
data/gretl-2020e/gui/textbuf.c:4234:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    skip = 8 + strlen(targ);
data/gretl-2020e/gui/textbuf.c:4352:2:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
	sscanf(line + 2, "%11s", hword);
data/gretl-2020e/gui/textbuf.c:4364:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    buf = grab_topic_buffer(hbuf + strlen(line) + 1);
data/gretl-2020e/gui/textutil.c:205:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    replace_len = strlen(s->replace);
data/gretl-2020e/gui/textutil.c:721:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int i, n = strlen(s);
data/gretl-2020e/gui/textutil.c:755:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int i, n = strlen((const char *) s);
data/gretl-2020e/gui/textutil.c:831:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	extra += strlen(rtf_preamble) + 5;
data/gretl-2020e/gui/textutil.c:834:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    targ = malloc(strlen(buf) + extra);
data/gretl-2020e/gui/textutil.c:841:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	q = targ + strlen(targ);
data/gretl-2020e/gui/textutil.c:902:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    char *buf = malloc(strlen(orig) + 4);
data/gretl-2020e/gui/varinfo.c:151:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    int n = strlen(s);
data/gretl-2020e/gui/varinfo.c:491:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    return (s != NULL && strlen(s) > 128);
data/gretl-2020e/gui/winstack.c:205:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    targ = malloc(strlen(src) + u + 1);
data/gretl-2020e/gui/winstack.c:408:2:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	strncat(aname, tmp, 31);
data/gretl-2020e/gui/winstack.c:433:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int n = strlen(label);
data/gretl-2020e/gui/winstack.c:438:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	blen = strlen(bullet);
data/gretl-2020e/gui/winstack.c:452:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	repl = g_strndup(label, strlen(label) - blen);
data/gretl-2020e/gui/winstack.c:899:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			     strlen(vwin->fname))) {
data/gretl-2020e/lib/src/addons_utils.c:45:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int n = strlen(pkgname) - 4;
data/gretl-2020e/lib/src/addons_utils.c:275:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int nsp, n = strlen(addon);
data/gretl-2020e/lib/src/addons_utils.c:339:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	gchar *tmp = g_strndup(addon, strlen(addon) - 4);
data/gretl-2020e/lib/src/bootstrap.c:673:2:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	strncat(bs_vname, bs->vname, VNAMELEN - 3);
data/gretl-2020e/lib/src/boxplots.c:285:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    n = strlen(grp->plots[i].bool);
data/gretl-2020e/lib/src/boxplots.c:287:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    n = strlen(grp->plots[i].varname);
data/gretl-2020e/lib/src/boxplots.c:303:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	offset = strlen(grp->xlabel) + 2;
data/gretl-2020e/lib/src/boxplots.c:325:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	pad -= strlen(grp->xlabel);
data/gretl-2020e/lib/src/boxplots.c:1150:10:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
    nf = sscanf(s, "%d %lf %15s %15s %lf %d", j, &plot->min, 
data/gretl-2020e/lib/src/boxplots.c:1179:10:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
    nf = sscanf(s, "%d %15s", j, test);
data/gretl-2020e/lib/src/boxplots.c:1244:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int len = strlen(title);
data/gretl-2020e/lib/src/calendar.c:360:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    } else if (strlen(datestr) == 8) {
data/gretl-2020e/lib/src/calendar.c:519:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(dset->stobs) == 8) {
data/gretl-2020e/lib/src/compare.c:247:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len += strlen(dset->varname[list[i]]) + 1;
data/gretl-2020e/lib/src/compare.c:259:3:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
		strcat(vnames, " ");
data/gretl-2020e/lib/src/compare.c:302:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    nc += strlen(vname) + 2;
data/gretl-2020e/lib/src/compare.c:2609:6:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	    strncat(dset->varname[sv], dset->varname[pv], VNAMELEN - 4);
data/gretl-2020e/lib/src/compare.c:3604:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    gretl_trunc(dset->varname[k], 15 - strlen(tmp));
data/gretl-2020e/lib/src/compat.c:75:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    lw = strlen(word);
data/gretl-2020e/lib/src/compat.c:256:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    lx = strlen(word);
data/gretl-2020e/lib/src/compat.c:261:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    ly = strlen(word);
data/gretl-2020e/lib/src/compat.c:269:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    ls = strlen(word);
data/gretl-2020e/lib/src/compat.c:347:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	ls = 8 + strlen(word);
data/gretl-2020e/lib/src/compat.c:351:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	ls = 78 - ls - strlen(word);
data/gretl-2020e/lib/src/compat.c:417:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	ls = 8 + strlen(word);
data/gretl-2020e/lib/src/compat.c:421:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	ls = 78 - ls - strlen(word);
data/gretl-2020e/lib/src/compat.c:428:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	ls = strlen(word);
data/gretl-2020e/lib/src/compat.c:432:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	ls = 78 - ls - strlen(word);
data/gretl-2020e/lib/src/compat.c:437:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	ls = strlen(word);
data/gretl-2020e/lib/src/compat.c:441:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	ls = 78 - ls - strlen(word);
data/gretl-2020e/lib/src/csvdata.c:862:6:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	    strncat(skip, label + 4, 7);
data/gretl-2020e/lib/src/csvdata.c:1145:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int len = strlen(lbl);
data/gretl-2020e/lib/src/csvdata.c:1148:5:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
    strncat(year, lbl, 4);
data/gretl-2020e/lib/src/csvdata.c:1170:6:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	    strncat(sub, lbl + 5, 2);
data/gretl-2020e/lib/src/csvdata.c:1295:5:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
    strncat(d1, s1, 4);
data/gretl-2020e/lib/src/csvdata.c:1296:5:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
    strncat(d2, s2, 4);
data/gretl-2020e/lib/src/csvdata.c:1316:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int n1 = strlen(s1);
data/gretl-2020e/lib/src/csvdata.c:1317:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int n2 = strlen(s2);
data/gretl-2020e/lib/src/csvdata.c:1328:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		n = strlen(s);
data/gretl-2020e/lib/src/csvdata.c:1358:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    if (strlen(tmp) > strlen(s)) {
data/gretl-2020e/lib/src/csvdata.c:1358:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    if (strlen(tmp) > strlen(s)) {
data/gretl-2020e/lib/src/csvdata.c:1404:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(s1) == 8 && strlen(s2) == 8 &&
data/gretl-2020e/lib/src/csvdata.c:1404:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(s1) == 8 && strlen(s2) == 8 &&
data/gretl-2020e/lib/src/csvdata.c:1408:2:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	strncat(m1, s1, 3);
data/gretl-2020e/lib/src/csvdata.c:1409:2:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	strncat(m2, s2, 3);
data/gretl-2020e/lib/src/csvdata.c:1420:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    if (strlen(s) != 8 || s[3] != '-') {
data/gretl-2020e/lib/src/csvdata.c:1426:6:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	    strncat(m1, s, 3);
data/gretl-2020e/lib/src/csvdata.c:1450:3:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
		strncat(m1, s, 3);
data/gretl-2020e/lib/src/csvdata.c:1477:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int len1 = strlen(lbl1);
data/gretl-2020e/lib/src/csvdata.c:1478:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int len2 = strlen(lbl2);
data/gretl-2020e/lib/src/csvdata.c:1497:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len1 = strlen(lbl1);
data/gretl-2020e/lib/src/csvdata.c:1899:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int n = strlen(c->line);
data/gretl-2020e/lib/src/csvdata.c:1929:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	n = strlen(c->line);
data/gretl-2020e/lib/src/csvdata.c:1954:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(s) > VNAMELEN - 1) {
data/gretl-2020e/lib/src/csvdata.c:2421:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    return strspn(s, test) == strlen(s);
data/gretl-2020e/lib/src/csvdata.c:2483:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int i, n = strlen(s);
data/gretl-2020e/lib/src/csvdata.c:2629:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	llen = strlen(line);
data/gretl-2020e/lib/src/csvdata.c:2640:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    totlen = strlen(desc) + llen + 4;
data/gretl-2020e/lib/src/csvdata.c:2648:6:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	    strcat(desc, "\n");
data/gretl-2020e/lib/src/csvdata.c:2710:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    chkcols = strlen(c->line);
data/gretl-2020e/lib/src/csvdata.c:2770:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(s) == 3) {
data/gretl-2020e/lib/src/csvdata.c:3028:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(p) > 118) {
data/gretl-2020e/lib/src/csvdata.c:3161:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	m = strlen(c->line);
data/gretl-2020e/lib/src/csvdata.c:3174:6:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	    strncat(c->str, p, n);
data/gretl-2020e/lib/src/csvdata.c:3257:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int n = strlen(s);
data/gretl-2020e/lib/src/csvdata.c:5544:7:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
		    strncat(test, s, n);
data/gretl-2020e/lib/src/csvdata.c:5610:2:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	strncat(tkeyfmt, s + 1, 31);
data/gretl-2020e/lib/src/csvdata.c:5621:6:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	    strncat(tkeyname, s, n);
data/gretl-2020e/lib/src/csvdata.c:5622:6:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	    strncat(tkeyfmt, p + 1, 31);
data/gretl-2020e/lib/src/csvdata.c:5662:6:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	    strncat(name1, s, n1);
data/gretl-2020e/lib/src/csvdata.c:5664:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    n2 = strlen(s);
data/gretl-2020e/lib/src/dataio.c:80:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ((pd == 5 || pd == 6 || pd == 7 || pd == 52) && strlen(obs) > 4) {
data/gretl-2020e/lib/src/dataio.c:108:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(vname) >= VNAMELEN) {
data/gretl-2020e/lib/src/dataio.c:136:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (err && !is_series && strlen(vname) == 2 && is_greek_letter(vname)) {
data/gretl-2020e/lib/src/dataio.c:216:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	n = strlen(targ);
data/gretl-2020e/lib/src/dataio.c:264:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int n = strlen(s);
data/gretl-2020e/lib/src/dataio.c:700:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    len = strlen(numstr);
data/gretl-2020e/lib/src/dataio.c:917:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (s != NULL && strlen(s) > 1) {
data/gretl-2020e/lib/src/dataio.c:979:4:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
			strcat(tmp, "\"");
data/gretl-2020e/lib/src/dataio.c:980:4:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
			strncat(tmp, st, TMPLEN - 3);
data/gretl-2020e/lib/src/dataio.c:981:4:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
			strcat(tmp, "\"");
data/gretl-2020e/lib/src/dataio.c:1402:9:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    if (fgetc(fp) == 037 && fgetc(fp) == 0213) {
data/gretl-2020e/lib/src/dataio.c:1402:29:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    if (fgetc(fp) == 037 && fgetc(fp) == 0213) {
data/gretl-2020e/lib/src/dataio.c:2462:6:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	    strncat(src, trstr, len - 1);
data/gretl-2020e/lib/src/dataio.c:2756:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    if (strlen(label) > 0) {
data/gretl-2020e/lib/src/dataio.c:2945:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = strlen(nstr);
data/gretl-2020e/lib/src/dataio.c:2949:6:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	    strncat(name, s, tr);
data/gretl-2020e/lib/src/dataio.c:2962:17:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    while ((c = fgetc(fp)) != EOF) {
data/gretl-2020e/lib/src/dataio.c:2965:11:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	    c1 = fgetc(fp);
data/gretl-2020e/lib/src/dataio.c:3043:7:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
		if (sscanf(line, "# name: %31s", name) == 1) {
data/gretl-2020e/lib/src/dataio.c:3050:7:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
		if (sscanf(line, "# type: %7s", tmp) == 1) {
data/gretl-2020e/lib/src/dataio.c:3724:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    int dlen = strlen(dset->descrip);
data/gretl-2020e/lib/src/dataio.c:3725:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    int nlen = strlen(note);
data/gretl-2020e/lib/src/dataio.c:3731:3:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
		strncat(dset->descrip, note, nlen);
data/gretl-2020e/lib/src/dataset.c:262:5:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
    strcpy(dset->stobs, "1");
data/gretl-2020e/lib/src/dataset.c:2270:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	dset->descrip = malloc(strlen(name) + 8);
data/gretl-2020e/lib/src/dataset.c:2284:2:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	strlen(dset->descrip) > 7 &&
data/gretl-2020e/lib/src/dataset.c:3095:5:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
    sscanf(s, "%31s", test);
data/gretl-2020e/lib/src/dataset.c:3096:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    *ps += strlen(test);
data/gretl-2020e/lib/src/dataset.c:4396:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	n = strlen(dset->varname[i]);
data/gretl-2020e/lib/src/dataset.c:4493:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len += strlen(S[i]) + 1 + floor(log10(1.0 + i));
data/gretl-2020e/lib/src/dataset.c:4823:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (strlen(S[i]) > maxlen) {
data/gretl-2020e/lib/src/dataset.c:4898:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    if (!fail && maxlen > 0 && strlen(st) > maxlen) {
data/gretl-2020e/lib/src/dataset.c:5269:2:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	strncat(targ1, s, n1);
data/gretl-2020e/lib/src/dataset.c:5270:2:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	strncat(targ2, p, n2);
data/gretl-2020e/lib/src/dataset.c:5297:6:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	    strncat(targ, s, n1);
data/gretl-2020e/lib/src/dataset.c:5306:3:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
		strncat(targ, s, n1);
data/gretl-2020e/lib/src/dataset.c:5315:6:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	    strncat(targ, p, n1);
data/gretl-2020e/lib/src/dbread.c:389:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	dbbase[strlen(dbbase) - 4] = '\0';
data/gretl-2020e/lib/src/dbread.c:454:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	strcpy(fname + strlen(fname) - 3, "idx");
data/gretl-2020e/lib/src/dbread.c:563:10:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
	    if (sscanf(s2, "%c %10s %*s %10s %*s %*s %d",
data/gretl-2020e/lib/src/dbread.c:1162:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			int rem = MAXLABEL - strlen(desc) - 1;
data/gretl-2020e/lib/src/dbread.c:1166:8:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
			    strncat(desc, line + 1, rem);
data/gretl-2020e/lib/src/dbread.c:1694:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int n = strlen(saved_db_name);
data/gretl-2020e/lib/src/dbread.c:1773:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	p += strlen(needle);
data/gretl-2020e/lib/src/dbread.c:4907:6:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
	    strcpy(stobs, "1");
data/gretl-2020e/lib/src/dbwrite.c:503:2:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
	strcpy(imode, "a");
data/gretl-2020e/lib/src/describe.c:5134:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(_(labels[i])) > slen) {
data/gretl-2020e/lib/src/estimate.c:3567:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    size_t len = strlen(xname) - strlen(p);
data/gretl-2020e/lib/src/estimate.c:3567:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    size_t len = strlen(xname) - strlen(p);
data/gretl-2020e/lib/src/forecast.c:3121:7:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
	nf = sscanf(s, "%31s %31s %31s %31s", f[0], f[1], f[2], f[3]);
data/gretl-2020e/lib/src/forecast.c:3124:11:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
	    nf = sscanf(s, "(%31[^)]) (%31[^)]) %31s %31s", f[0], f[1], f[2], f[3]);
data/gretl-2020e/lib/src/geneval.c:2563:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    ll = strlen(Sl[i]) + 2;
data/gretl-2020e/lib/src/geneval.c:2565:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		slr = calloc(ll + strlen(Sr[j]), 1);
data/gretl-2020e/lib/src/geneval.c:6095:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                   strlen(pfx) > 24) {
data/gretl-2020e/lib/src/geneval.c:7235:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                ret->v.xval = strlen(n->v.str);
data/gretl-2020e/lib/src/geneval.c:7727:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int i, n = strlen(s);
data/gretl-2020e/lib/src/geneval.c:7795:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            int n1 = strlen(l->v.str);
data/gretl-2020e/lib/src/geneval.c:7796:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            int n2 = strlen(r->v.str);
data/gretl-2020e/lib/src/geneval.c:7913:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    char *ret = calloc(strlen(s) + 1, 1);
data/gretl-2020e/lib/src/geneval.c:8338:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        int i, len = strlen(s);
data/gretl-2020e/lib/src/geneval.c:11016:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    } else if (g_utf8_strlen(s1, -1) == strlen(s1) && strlen(s2) == 1) {
data/gretl-2020e/lib/src/geneval.c:11016:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    } else if (g_utf8_strlen(s1, -1) == strlen(s1) && strlen(s2) == 1) {
data/gretl-2020e/lib/src/geneval.c:11023:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (strlen(tmp) <= strlen(s1)) {
data/gretl-2020e/lib/src/geneval.c:11023:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (strlen(tmp) <= strlen(s1)) {
data/gretl-2020e/lib/src/geneval.c:18172:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            lhlen = strlen(lhs);
data/gretl-2020e/lib/src/geneval.c:19083:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            newstr = malloc(strlen(orig) + strlen(src) + 1);
data/gretl-2020e/lib/src/geneval.c:19083:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            newstr = malloc(strlen(orig) + strlen(src) + 1);
data/gretl-2020e/lib/src/genfuncs.c:2949:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = strlen(numstr);
data/gretl-2020e/lib/src/genfuncs.c:3918:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    n = strlen(test);
data/gretl-2020e/lib/src/genfuncs.c:3999:2:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	strncat(obs, s, OBSLEN+1);
data/gretl-2020e/lib/src/genfuncs.c:7418:6:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
	    strcpy(tmpset->varname[1], "x");
data/gretl-2020e/lib/src/genfuncs.c:7803:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    n = strlen(stobs);
data/gretl-2020e/lib/src/genfuncs.c:7805:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (n > 10 || strlen(endobs) != n) {
data/gretl-2020e/lib/src/genlex.c:963:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t n = strlen(s);
data/gretl-2020e/lib/src/genlex.c:1306:5:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
    strncat(test, s, n);
data/gretl-2020e/lib/src/genlex.c:1350:2:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	strncat(word, s, close);
data/gretl-2020e/lib/src/genlex.c:1353:2:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	strncat(word, s, close);
data/gretl-2020e/lib/src/genlex.c:1385:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	n = strlen(dvars[i].str);
data/gretl-2020e/lib/src/genlex.c:1392:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	n = strlen(mvars[i].str);
data/gretl-2020e/lib/src/genlex.c:1399:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	n = strlen(bvars[i].str);
data/gretl-2020e/lib/src/genlex.c:1440:2:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	strlen(s) >= 3 && !strncmp(s, "R.", 2)) {
data/gretl-2020e/lib/src/genmain.c:145:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int n = strlen(p->lh.name);
data/gretl-2020e/lib/src/genmain.c:223:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(src) > MAXLABEL - 1) {
data/gretl-2020e/lib/src/genmain.c:228:6:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	    strncat(tmp, src, MAXLABEL - 4);
data/gretl-2020e/lib/src/genmain.c:258:2:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	strncat(word, s, p - s);
data/gretl-2020e/lib/src/genmain.c:260:2:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	strncat(word, s, 8);
data/gretl-2020e/lib/src/genmain.c:350:2:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	strncat(targ, src, *len);
data/gretl-2020e/lib/src/genmain.c:756:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    return s[strlen(s)-1] == ')';
data/gretl-2020e/lib/src/gensyntax.c:475:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int n = strlen(p->idstr);
data/gretl-2020e/lib/src/gensyntax.c:533:6:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	    strncat(tmp, src, n);
data/gretl-2020e/lib/src/graphing.c:237:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	errbytes += write(sinp, cmd, strlen(cmd));
data/gretl-2020e/lib/src/graphing.c:249:13:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	errbytes = read(serr, errbuf, sizeof errbuf - 1);
data/gretl-2020e/lib/src/graphing.c:943:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int i, k = 0, n = strlen(s);
data/gretl-2020e/lib/src/graphing.c:956:2:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	strncat(ptstr, s + n - k, k);
data/gretl-2020e/lib/src/graphing.c:958:2:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	strncat(name, s, n - k - 1);
data/gretl-2020e/lib/src/graphing.c:1731:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = strlen(ptinfo[i].pstr);
data/gretl-2020e/lib/src/graphing.c:2443:2:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	strncat(p, s, len);
data/gretl-2020e/lib/src/graphing.c:2445:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	n = strlen(q);
data/gretl-2020e/lib/src/graphing.c:2547:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		n = strlen(s);
data/gretl-2020e/lib/src/graphing.c:2587:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    n = strlen(S[i]);
data/gretl-2020e/lib/src/graphing.c:4633:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(name) >= 16) {
data/gretl-2020e/lib/src/graphing.c:4634:6:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	    strncat(s, name, 14);
data/gretl-2020e/lib/src/graphing.c:4635:6:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	    strcat(s, "~");
data/gretl-2020e/lib/src/graphing.c:4637:6:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	    strncat(s, name, 15);
data/gretl-2020e/lib/src/graphing.c:5722:2:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	strncat(cstr, rgb, 9);
data/gretl-2020e/lib/src/graphing.c:5745:2:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	strncat(cstr, rgb, 9);
data/gretl-2020e/lib/src/graphing.c:6154:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(s) != 8) {
data/gretl-2020e/lib/src/graphing.c:6162:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(s) != 7) {
data/gretl-2020e/lib/src/graphing.c:6170:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(s) < 3 || strlen(s) > 17) {
data/gretl-2020e/lib/src/graphing.c:6170:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(s) < 3 || strlen(s) > 17) {
data/gretl-2020e/lib/src/graphing.c:6255:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    if (strlen(s) < 8) {
data/gretl-2020e/lib/src/graphing.c:7045:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    n1 = strlen(s1);
data/gretl-2020e/lib/src/graphing.c:7046:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    n2 = strlen(s2);
data/gretl-2020e/lib/src/graphing.c:7196:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t len = strlen(tmp) - strip;
data/gretl-2020e/lib/src/graphing.c:7232:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    len = strlen(dset->S[t]);
data/gretl-2020e/lib/src/graphing.c:7263:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    n = strlen(s);
data/gretl-2020e/lib/src/graphing.c:7306:7:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
		    strncat(s1, dset->S[t], *use);
data/gretl-2020e/lib/src/graphing.c:7317:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (!fail && maxlen > 0 && strlen(s1) > maxlen) {
data/gretl-2020e/lib/src/graphing.c:7427:3:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
		strncat(gset->varname[i+1], dset->S[s], use);
data/gretl-2020e/lib/src/graphing.c:7590:3:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
		strncat(uname, dset->S[s], use);
data/gretl-2020e/lib/src/gretl_array.c:380:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		len += strlen(A->data[i]) + 1;
data/gretl-2020e/lib/src/gretl_array.c:1683:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int m = strlen(s);
data/gretl-2020e/lib/src/gretl_bfgs.c:1993:3:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
		strncat(name, s, n);
data/gretl-2020e/lib/src/gretl_bfgs.c:2010:2:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	strncat(vname, s, n);
data/gretl-2020e/lib/src/gretl_bfgs.c:2040:2:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	strncat(fname, fncall, n);
data/gretl-2020e/lib/src/gretl_bundle.c:1273:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(key) >= VNAMELEN) {
data/gretl-2020e/lib/src/gretl_bundle.c:1853:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int n = strlen(s);
data/gretl-2020e/lib/src/gretl_bundle.c:2440:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	*bytes = strlen(buf) + 1;
data/gretl-2020e/lib/src/gretl_cmatrix.c:1373:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	char c = fmt[strlen(fmt) - 1];
data/gretl-2020e/lib/src/gretl_commands.c:268:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t n = strlen(s);
data/gretl-2020e/lib/src/gretl_errors.c:312:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int n = strlen(gretl_errmsg);
data/gretl-2020e/lib/src/gretl_errors.c:313:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int m = strlen(str);
data/gretl-2020e/lib/src/gretl_errors.c:316:6:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	    strcat(gretl_errmsg, "\n");
data/gretl-2020e/lib/src/gretl_errors.c:337:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int n, m = strlen(str);
data/gretl-2020e/lib/src/gretl_errors.c:347:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    n = strlen(gretl_errmsg);
data/gretl-2020e/lib/src/gretl_errors.c:351:6:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	    strcat(gretl_errmsg, "\n");
data/gretl-2020e/lib/src/gretl_errors.c:415:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int len0 = strlen(gretl_errmsg);
data/gretl-2020e/lib/src/gretl_errors.c:428:3:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
		strcat(gretl_errmsg, "\n");
data/gretl-2020e/lib/src/gretl_foreign.c:374:11:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    got = read(io->fd, io->buf, io->len - 1);
data/gretl-2020e/lib/src/gretl_foreign.c:491:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    rscript = calloc(strlen(rbin) + 16, 1);
data/gretl-2020e/lib/src/gretl_foreign.c:1636:2:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	strncat(save_na, get_csv_na_write_string(), 7);
data/gretl-2020e/lib/src/gretl_foreign.c:3259:10:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
	    if (sscanf(param, "language=%15s", lang) == 1) {
data/gretl-2020e/lib/src/gretl_func.c:341:6:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
	if (sscanf(line, "%3s %7s", s1, s2) == 2 &&
data/gretl-2020e/lib/src/gretl_func.c:2152:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int n = strlen(test);
data/gretl-2020e/lib/src/gretl_func.c:2378:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (s[strlen(s) - 1] == '*') {
data/gretl-2020e/lib/src/gretl_func.c:2498:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    n = strlen(p);
data/gretl-2020e/lib/src/gretl_func.c:2508:5:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
    strncat(pkg->name, p, n);
data/gretl-2020e/lib/src/gretl_func.c:3064:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    memmove(s, s+1, strlen(s));
data/gretl-2020e/lib/src/gretl_func.c:3466:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen(s);
data/gretl-2020e/lib/src/gretl_func.c:3488:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    return strlen(s) < 64 && strchr(s, ' ') == NULL &&
data/gretl-2020e/lib/src/gretl_func.c:3712:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    if (!strncmp(line, key, strlen(key))) {
data/gretl-2020e/lib/src/gretl_func.c:5356:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(line) <= lmax) {
data/gretl-2020e/lib/src/gretl_func.c:5360:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    while (strlen(rem) > lmax) {
data/gretl-2020e/lib/src/gretl_func.c:6092:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(date) < 10 && date[4] == '-') {
data/gretl-2020e/lib/src/gretl_func.c:6593:3:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
		strncat(valstr, q, len);
data/gretl-2020e/lib/src/gretl_func.c:6775:2:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	strncat(tstr, s, len);
data/gretl-2020e/lib/src/gretl_func.c:6901:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int i, n = strlen(s);
data/gretl-2020e/lib/src/gretl_func.c:6978:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    p += strlen(p) + 1;
data/gretl-2020e/lib/src/gretl_func.c:7027:6:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	    strncat(w1, s, n);
data/gretl-2020e/lib/src/gretl_func.c:7036:6:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	    strncat(w2, s, n);
data/gretl-2020e/lib/src/gretl_func.c:7154:9:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
    if (sscanf(line, "%7s %15s", s1, s2) == 2) {
data/gretl-2020e/lib/src/gretl_func.c:8742:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (p != NULL && strlen(p) == gretl_namechar_spn(p)) {
data/gretl-2020e/lib/src/gretl_func.c:8865:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (len == strlen(s)) {
data/gretl-2020e/lib/src/gretl_help.c:89:6:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
	    sscanf(line + 2, "%10s", word);
data/gretl-2020e/lib/src/gretl_help.c:139:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int n = strlen(setvar);
data/gretl-2020e/lib/src/gretl_help.c:146:2:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
	sscanf(line + 2, "%8s", s);
data/gretl-2020e/lib/src/gretl_help.c:188:2:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
	sscanf(line + 2, "%15s", word);
data/gretl-2020e/lib/src/gretl_help.c:235:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int n = strlen(path) - 9;
data/gretl-2020e/lib/src/gretl_intl.c:213:2:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	strncat(gretl_charset, charset, 31);
data/gretl-2020e/lib/src/gretl_intl.c:220:6:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	    strncat(numstr, p, 4);
data/gretl-2020e/lib/src/gretl_intl.c:222:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    if (strlen(p) > 4) {
data/gretl-2020e/lib/src/gretl_intl.c:262:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (p != NULL && strlen(p) > 3 && isdigit(p[1])) {
data/gretl-2020e/lib/src/gretl_intl.c:686:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	n = strlen(langs[i].name);
data/gretl-2020e/lib/src/gretl_intl.c:699:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    n = strlen(langs[i].code);
data/gretl-2020e/lib/src/gretl_intl.c:846:5:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
    strncat(ocpy, orig, 63);
data/gretl-2020e/lib/src/gretl_intl.c:1383:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    tmp = malloc(strlen(s) + 1);
data/gretl-2020e/lib/src/gretl_intl.c:1484:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int invis = strlen(str) - g_utf8_strlen(str, -1);
data/gretl-2020e/lib/src/gretl_intl.c:1491:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int w = strlen(str);
data/gretl-2020e/lib/src/gretl_intl.h:135:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
# define TRANSLATED_WIDTH(s) strlen(s)
data/gretl-2020e/lib/src/gretl_list.c:751:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	n = strlen(s);
data/gretl-2020e/lib/src/gretl_list.c:1015:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    len += strlen(dset->varname[vi]) + 1;
data/gretl-2020e/lib/src/gretl_list.c:1032:3:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
		strcat(buf, " ");
data/gretl-2020e/lib/src/gretl_list.c:1112:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    len += strlen("unknown") + 1;
data/gretl-2020e/lib/src/gretl_list.c:1114:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    len += strlen(dset->varname[vi]) + 1;
data/gretl-2020e/lib/src/gretl_list.c:1134:6:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	    strcat(buf, ",");
data/gretl-2020e/lib/src/gretl_list.c:1238:5:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
    strcat(buf, "}");
data/gretl-2020e/lib/src/gretl_list.c:1709:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int ilen = strlen(si);
data/gretl-2020e/lib/src/gretl_list.c:1710:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int jlen = strlen(sj);
data/gretl-2020e/lib/src/gretl_list.c:1715:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    totlen += strlen(numstr);
data/gretl-2020e/lib/src/gretl_list.c:2867:6:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	    strncat(test, s, len);
data/gretl-2020e/lib/src/gretl_list.c:3198:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(prefix) > VNAMELEN - 3) {
data/gretl-2020e/lib/src/gretl_midas.c:897:3:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
		strncat(test, s, len);
data/gretl-2020e/lib/src/gretl_midas.c:2615:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	char c = s[strlen(s) - 1];
data/gretl-2020e/lib/src/gretl_midas.c:2618:6:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	    strcat(s, " ");
data/gretl-2020e/lib/src/gretl_model.c:420:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t size = strlen(str) + 1;
data/gretl-2020e/lib/src/gretl_model.c:6518:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(name) >= PNAMELEN) {
data/gretl-2020e/lib/src/gretl_model.c:6519:6:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	    strncat(pmod->params[i], name, PNAMELEN - 2);
data/gretl-2020e/lib/src/gretl_model.c:6520:6:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	    strcat(pmod->params[i], "~");
data/gretl-2020e/lib/src/gretl_mpi.c:864:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    bytes = strlen(buf) + 1;
data/gretl-2020e/lib/src/gretl_mpi.c:952:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	n = strlen(s) + 1;
data/gretl-2020e/lib/src/gretl_mpi.c:1275:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int n = strlen(s) + 1;
data/gretl-2020e/lib/src/gretl_panel.c:1119:3:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
		strcpy(rset->varname[k2], "_");
data/gretl-2020e/lib/src/gretl_panel.c:1120:3:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
		strncat(rset->varname[k2], dset->varname[vj],
data/gretl-2020e/lib/src/gretl_paths.c:723:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int len = strlen(path);
data/gretl-2020e/lib/src/gretl_paths.c:1027:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int n = strlen(file) + strlen(path) + 1;
data/gretl-2020e/lib/src/gretl_paths.c:1027:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int n = strlen(file) + strlen(path) + 1;
data/gretl-2020e/lib/src/gretl_paths.c:1035:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    n = strlen(temp);
data/gretl-2020e/lib/src/gretl_paths.c:1059:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int n = strlen(finddir);
data/gretl-2020e/lib/src/gretl_paths.c:1065:5:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
    strcat(tmp, "\\");
data/gretl-2020e/lib/src/gretl_paths.c:1075:3:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
		strcat(tmp, "b");
data/gretl-2020e/lib/src/gretl_paths.c:1105:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (targ[strlen(targ)-1] != '\\') {
data/gretl-2020e/lib/src/gretl_paths.c:1108:2:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	strcat(targ, "*");
data/gretl-2020e/lib/src/gretl_paths.c:1162:5:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
    strcat(tmp, "/");
data/gretl-2020e/lib/src/gretl_paths.c:1172:3:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
		strcat(tmp, "b");
data/gretl-2020e/lib/src/gretl_paths.c:1188:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int n = strlen(src);
data/gretl-2020e/lib/src/gretl_paths.c:1193:2:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	strcat(targ, "/");
data/gretl-2020e/lib/src/gretl_paths.c:1842:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	ret = malloc(strlen(homedir) + strlen(fname));
data/gretl-2020e/lib/src/gretl_paths.c:1842:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	ret = malloc(strlen(homedir) + strlen(fname));
data/gretl-2020e/lib/src/gretl_paths.c:1862:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int len = strlen(fname);
data/gretl-2020e/lib/src/gretl_paths.c:1863:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int homelen = strlen(homedir);
data/gretl-2020e/lib/src/gretl_paths.c:1888:2:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	strncat(pkgname, fname, 63);
data/gretl-2020e/lib/src/gretl_paths.c:1994:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int n = strlen(gretldir);
data/gretl-2020e/lib/src/gretl_paths.c:1997:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(fname) < n) {
data/gretl-2020e/lib/src/gretl_paths.c:2042:2:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	strncat(paths.plugpath, path, len);
data/gretl-2020e/lib/src/gretl_paths.c:2084:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    n = strlen(dirname);
data/gretl-2020e/lib/src/gretl_paths.c:2150:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	n = strlen(s);
data/gretl-2020e/lib/src/gretl_paths.c:2207:6:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	    strncat(paths.plugpath, epath, MAXLEN - 2);
data/gretl-2020e/lib/src/gretl_paths.c:2738:3:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
		strncat(paths.gretldir, testname, s - testname);
data/gretl-2020e/lib/src/gretl_paths.c:2817:2:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	strncat(paths.plugpath, path, MAXLEN - 2);
data/gretl-2020e/lib/src/gretl_paths.c:2849:2:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	strncat(targ, path, MAXLEN - 2);
data/gretl-2020e/lib/src/gretl_paths.c:3159:2:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
	strcpy(paths.rbinpath, "R");
data/gretl-2020e/lib/src/gretl_paths.c:3201:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (s[strlen(s)-1] != SLASH) {
data/gretl-2020e/lib/src/gretl_paths.c:3436:2:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
	strcpy(slash, "/");
data/gretl-2020e/lib/src/gretl_paths.c:3438:2:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
	strcpy(split, "\\");
data/gretl-2020e/lib/src/gretl_paths.c:3439:2:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
	strcpy(slash, "\\");
data/gretl-2020e/lib/src/gretl_paths.c:3476:2:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	strncat(tmp, path, 2);
data/gretl-2020e/lib/src/gretl_paths.c:3544:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int n = strlen(path);
data/gretl-2020e/lib/src/gretl_paths.c:3555:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (path[strlen(path) - 1] != '/') {
data/gretl-2020e/lib/src/gretl_paths.c:3556:6:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	    strcat(path, "/");
data/gretl-2020e/lib/src/gretl_paths.c:3571:9:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
    if (sscanf(s, "%7s %7s", cstr[0], cstr[1]) == 2) {
data/gretl-2020e/lib/src/gretl_paths.c:3595:6:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	    strncat(cpaths->workdir, cwd, MAXLEN - 2);
data/gretl-2020e/lib/src/gretl_paths.c:3626:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	strncat(val, line + strlen(key) + 3, MAXLEN - 1);
data/gretl-2020e/lib/src/gretl_paths.c:3650:6:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	    strncat(cpaths->dbhost, val, 32 - 1);
data/gretl-2020e/lib/src/gretl_paths.c:3684:6:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	    strncat(cpaths->pngfont, val, 128 - 1);
data/gretl-2020e/lib/src/gretl_paths.c:3918:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(s1) + strlen(s2) >= len) {
data/gretl-2020e/lib/src/gretl_paths.c:3918:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(s1) + strlen(s2) >= len) {
data/gretl-2020e/lib/src/gretl_paths.c:3975:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	end = start + strlen(start);
data/gretl-2020e/lib/src/gretl_paths.c:3995:6:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	    strncat(targ, element, start - element);
data/gretl-2020e/lib/src/gretl_paths.c:4006:6:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	    strncat(targ, &current_separator, 1);
data/gretl-2020e/lib/src/gretl_paths.c:4008:2:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	strncat(targ, start, end - start);
data/gretl-2020e/lib/src/gretl_paths.c:4056:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	end = start + strlen (start);
data/gretl-2020e/lib/src/gretl_paths.c:4074:6:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	    strncat(targ, element, start - element);
data/gretl-2020e/lib/src/gretl_paths.c:4085:6:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	    strcat(targ, "/");
data/gretl-2020e/lib/src/gretl_paths.c:4087:2:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	strncat(targ, start, end - start);
data/gretl-2020e/lib/src/gretl_plot.c:134:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	litlen += strlen(plot.lines[i]);
data/gretl-2020e/lib/src/gretl_plot.c:148:6:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	    strcat(literal, "}");
data/gretl-2020e/lib/src/gretl_plot.c:261:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	n = strlen(s);
data/gretl-2020e/lib/src/gretl_prn.c:169:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int n = strlen(dotdir) + 16;
data/gretl-2020e/lib/src/gretl_prn.c:640:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	n = strlen(buf);
data/gretl-2020e/lib/src/gretl_prn.c:747:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	prn->blen = strlen(buf);
data/gretl-2020e/lib/src/gretl_prn.c:1018:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int i, n = strlen(s) - 1;
data/gretl-2020e/lib/src/gretl_prn.c:1193:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    slen = strlen(s);
data/gretl-2020e/lib/src/gretl_restrict.c:1003:6:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	    strncat(tmp, s, n);
data/gretl-2020e/lib/src/gretl_restrict.c:1688:9:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
    if (sscanf(s, "%31s", fname) != 1) {
data/gretl-2020e/lib/src/gretl_restrict.c:1692:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    s += strlen(fname);
data/gretl-2020e/lib/src/gretl_restrict.c:1790:2:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	strncat(chunk, s, len);
data/gretl-2020e/lib/src/gretl_restrict.c:1885:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(line) == 8) {
data/gretl-2020e/lib/src/gretl_restrict.c:2957:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len += strlen(bstr) + 4;
data/gretl-2020e/lib/src/gretl_string_table.c:268:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int n = strlen(s);
data/gretl-2020e/lib/src/gretl_string_table.c:760:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (strspn(s, test) < strlen(s)) {
data/gretl-2020e/lib/src/gretl_string_table.c:890:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    m = strlen(u);
data/gretl-2020e/lib/src/gretl_string_table.c:897:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		m = strlen(s);
data/gretl-2020e/lib/src/gretl_string_table.c:998:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    int n = strlen(content);
data/gretl-2020e/lib/src/gretl_string_table.c:1147:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int i, n = strlen(s);
data/gretl-2020e/lib/src/gretl_string_table.c:1214:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int len = strlen(line);
data/gretl-2020e/lib/src/gretl_string_table.c:1257:3:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
		strncat(sname, s + 1, n);
data/gretl-2020e/lib/src/gretl_string_table.c:1261:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    m = strlen(sub);
data/gretl-2020e/lib/src/gretl_utils.c:891:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    stobs[strlen(stobs) - 1] == '.') {
data/gretl-2020e/lib/src/gretl_utils.c:1993:5:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
    strncat(pkgname, s, FN_NAMELEN+3);
data/gretl-2020e/lib/src/gretl_utils.c:2279:6:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	    strncat(OB_core, s, 31);
data/gretl-2020e/lib/src/gretl_utils.c:2525:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (*fname == '.' && strlen(fname) > 3) {
data/gretl-2020e/lib/src/gretl_utils.c:2956:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	max_dlen = strlen(pathcpy);
data/gretl-2020e/lib/src/gretl_utils.c:2966:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    dlen = strlen(dirs[i]);
data/gretl-2020e/lib/src/gretl_utils.c:2974:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	(fullpath = malloc(max_dlen + strlen(prog) + 2)) == NULL) {
data/gretl-2020e/lib/src/gretl_win32.c:745:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	n = strlen(targdir);
data/gretl-2020e/lib/src/gretl_win32.c:1235:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    from = calloc(strlen(path) + 2, 1);
data/gretl-2020e/lib/src/gretl_win32.c:1544:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int len = strlen (strs[i]);
data/gretl-2020e/lib/src/gretl_win32.c:1620:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(buf) == 8) {
data/gretl-2020e/lib/src/gretl_win32.c:1660:2:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	strncat(tmp, s, dmax);
data/gretl-2020e/lib/src/gretl_win32.c:1918:5:  [1] (buffer) fscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
    fscanf(fp, "%4s", test);
data/gretl-2020e/lib/src/gretl_win32.c:1939:5:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
    sscanf(s, "%4s", test);
data/gretl-2020e/lib/src/gretl_www.c:139:5:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
    strcat(u->agent, "w");
data/gretl-2020e/lib/src/gretl_www.c:775:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		     CURLFORM_BUFFERLENGTH, strlen(buf),
data/gretl-2020e/lib/src/gretl_www.c:1092:3:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
		sscanf(buf, "%63s", tmp);
data/gretl-2020e/lib/src/gretl_www.c:1138:6:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
	    sscanf(p + 2, "%15s", pkgdir) != 1 ||
data/gretl-2020e/lib/src/gretl_www.c:1150:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int n = strlen(SF) + strlen(pkgdir) + strlen(pkgbase) + 7;
data/gretl-2020e/lib/src/gretl_www.c:1150:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int n = strlen(SF) + strlen(pkgdir) + strlen(pkgbase) + 7;
data/gretl-2020e/lib/src/gretl_www.c:1150:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int n = strlen(SF) + strlen(pkgdir) + strlen(pkgbase) + 7;
data/gretl-2020e/lib/src/gretl_xml.c:219:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (p != NULL && strlen(dest) > 3) {
data/gretl-2020e/lib/src/gretl_xml.c:997:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = strlen(s);
data/gretl-2020e/lib/src/gretl_xml.c:2755:5:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
    strncat(targ, src, maxlen - 1);
data/gretl-2020e/lib/src/gretl_xml.c:3982:5:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
    strcpy(tmpset->stobs, "1");
data/gretl-2020e/lib/src/gretl_xml.c:4185:5:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
    strcpy(tmpset->stobs, "1");
data/gretl-2020e/lib/src/gretl_xml.c:4323:5:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
    strcpy(tmpset->stobs, "1");
data/gretl-2020e/lib/src/gretl_zip.c:627:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen(tmp) - 4; /* minus 4 for ".gfn" */
data/gretl-2020e/lib/src/interact.c:124:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(s) >= MAXLINE) {
data/gretl-2020e/lib/src/interact.c:217:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    s += strlen(word);
data/gretl-2020e/lib/src/interact.c:379:5:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
    strcpy(shellnam, "-");
data/gretl-2020e/lib/src/interact.c:473:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int i, n = strlen(s);
data/gretl-2020e/lib/src/interact.c:492:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    rem = n = strlen(line);
data/gretl-2020e/lib/src/interact.c:501:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	m = strlen(tmp);
data/gretl-2020e/lib/src/interact.c:517:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int n = strlen(s);
data/gretl-2020e/lib/src/interact.c:546:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int n = strlen(s);
data/gretl-2020e/lib/src/interact.c:591:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(line) < maxline) {
data/gretl-2020e/lib/src/interact.c:606:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    p += strlen(buf);
data/gretl-2020e/lib/src/interact.c:846:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(line) < maxline) {
data/gretl-2020e/lib/src/interact.c:862:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    p += strlen(buf);
data/gretl-2020e/lib/src/interact.c:967:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int n = strlen(thisdir);
data/gretl-2020e/lib/src/interact.c:1471:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    if (strlen(line) + strlen(tmp) > MAXLINE - 1) {
data/gretl-2020e/lib/src/interact.c:1471:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    if (strlen(line) + strlen(tmp) > MAXLINE - 1) {
data/gretl-2020e/lib/src/interact.c:1587:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (p != NULL && strlen(p) == 1) {
data/gretl-2020e/lib/src/interact.c:1619:2:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	strncat(vname, s, n);
data/gretl-2020e/lib/src/interact.c:1659:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    n = strlen(s);
data/gretl-2020e/lib/src/interact.c:1725:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int len = strlen(s) + 1;
data/gretl-2020e/lib/src/interact.c:2550:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	tmp = g_strndup(fname, strlen(fname) - 4);
data/gretl-2020e/lib/src/interact.c:4064:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    if (strlen(s) == gretl_namechar_spn(s)) {
data/gretl-2020e/lib/src/kalman.c:1560:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int n = strlen(bname) + 1;
data/gretl-2020e/lib/src/kalman.c:1568:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    if (!strncmp(lines[i] + n, s, strlen(s))) {
data/gretl-2020e/lib/src/libset.c:1494:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(s) == 1 && ispunct(*s)) {
data/gretl-2020e/lib/src/libset.c:2927:6:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	    strncat(targ, s+1, p-s-1);
data/gretl-2020e/lib/src/libset.c:2930:2:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	strncat(targ, s, len);
data/gretl-2020e/lib/src/libset.c:3067:11:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
	    nf = sscanf(line, "%*s %31s %31s", setobj, setarg);
data/gretl-2020e/lib/src/matrix_extra.c:792:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    n = strlen(s);
data/gretl-2020e/lib/src/matrix_extra.c:1109:9:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    c = fgetc(fp);
data/gretl-2020e/lib/src/matrix_extra.c:1117:10:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	    c = fgetc(fp);
data/gretl-2020e/lib/src/matrix_extra.c:1228:9:  [1] (buffer) fscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
    if (fscanf(fp, "%2s", test) < 1) {
data/gretl-2020e/lib/src/matrix_extra.c:1521:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	fwrite(header, 1, strlen(header), fp);
data/gretl-2020e/lib/src/matrix_extra.c:1533:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	fwrite(header, 1, strlen(header), fp);
data/gretl-2020e/lib/src/matrix_extra.c:1601:4:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	s[strlen(s) - 1] = 0;
data/gretl-2020e/lib/src/matrix_extra.c:1616:6:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	    strcat(s, "0");
data/gretl-2020e/lib/src/matrix_extra.c:1629:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	c = strlen(s);
data/gretl-2020e/lib/src/matrix_extra.c:1889:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	n = strlen(wtest);
data/gretl-2020e/lib/src/matrix_extra.c:1953:2:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	strcat(p, "d");
data/gretl-2020e/lib/src/matrix_extra.c:1955:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	ifmt[strlen(ifmt)-1] = 'd';
data/gretl-2020e/lib/src/matrix_extra.c:1995:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int cpos = strlen(fmt) - 1;
data/gretl-2020e/lib/src/matrix_extra.c:2076:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(full, msg, 32);
data/gretl-2020e/lib/src/matrix_extra.c:2077:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	sprintf(full + strlen(full), " (%p)", (void *) m);
data/gretl-2020e/lib/src/modelprint.c:118:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	return strlen(s);
data/gretl-2020e/lib/src/modelprint.c:130:2:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	strcat(s, "−"); /* U+2212: minus */
data/gretl-2020e/lib/src/modelprint.c:1596:9:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
    if (sscanf(vname, "d_%13s", tmp)) {
data/gretl-2020e/lib/src/modelprint.c:1753:6:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	    strcat(vname, "$");
data/gretl-2020e/lib/src/modelprint.c:1766:6:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	    strcat(vname, "$");
data/gretl-2020e/lib/src/modelprint.c:1782:6:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	    strcat(vname, " ");
data/gretl-2020e/lib/src/modelprint.c:1922:2:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
	strcpy(targ, ":");
data/gretl-2020e/lib/src/modelprint.c:1924:2:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
	strcpy(targ, "-");
data/gretl-2020e/lib/src/modelprint.c:2038:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    } else if (strlen(pmod->name) > 8) {
data/gretl-2020e/lib/src/modelprint.c:2759:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	d1 = strlen(_(s1)) - g_utf8_strlen(_(s1), -1);
data/gretl-2020e/lib/src/modelprint.c:2760:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	d2 = strlen(_(s2)) - g_utf8_strlen(_(s2), -1);
data/gretl-2020e/lib/src/modelprint.c:2805:2:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
	strcpy(s, " ");
data/gretl-2020e/lib/src/modelprint.c:2850:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	} else if (strlen(p) == 4) {
data/gretl-2020e/lib/src/modelprint.c:3845:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    char *ret = malloc(strlen(s) + 1 + n);
data/gretl-2020e/lib/src/modelprint.c:3989:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	n = strlen(test);
data/gretl-2020e/lib/src/modelprint.c:4115:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    n = strlen(s);
data/gretl-2020e/lib/src/modelprint.c:4121:5:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
    strncat(tmp, s, n);
data/gretl-2020e/lib/src/modelprint.c:4631:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	n = strlen(name);
data/gretl-2020e/lib/src/modelprint.c:4920:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	namepad = namelen + strlen(tmp) - g_utf8_strlen(tmp, -1);
data/gretl-2020e/lib/src/monte_carlo.c:289:2:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	strncat(test, s, 63);
data/gretl-2020e/lib/src/monte_carlo.c:339:6:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	    strncat(expr, clr->expr, 63);
data/gretl-2020e/lib/src/monte_carlo.c:351:6:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	    strncat(expr, clr->expr, 63);
data/gretl-2020e/lib/src/monte_carlo.c:838:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	} else if (loop->parent != NULL && strlen(s) == gretl_namechar_spn(s)) {
data/gretl-2020e/lib/src/monte_carlo.c:1054:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strval != NULL && strlen(strval) < VNAMELEN) {
data/gretl-2020e/lib/src/monte_carlo.c:1338:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    s += strlen(ivar);
data/gretl-2020e/lib/src/monte_carlo.c:1475:3:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
		strncat(lvar, s0, n);
data/gretl-2020e/lib/src/monte_carlo.c:2657:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = strlen(lprn->names[i]);
data/gretl-2020e/lib/src/monte_carlo.c:2877:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	targlen = strlen(targ);
data/gretl-2020e/lib/src/monte_carlo.c:2880:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	targlen = strlen(targ);
data/gretl-2020e/lib/src/monte_carlo.c:2917:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    inslen = strlen(ins);
data/gretl-2020e/lib/src/monte_carlo.c:2921:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	cumlen = strlen(str);
data/gretl-2020e/lib/src/monte_carlo.c:2924:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    q = malloc(strlen(strstr(str, targ)));
data/gretl-2020e/lib/src/nls.c:245:2:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	strncat(word, s, n);
data/gretl-2020e/lib/src/nls.c:801:6:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	    strncat(sname, s, n);
data/gretl-2020e/lib/src/nls.c:1829:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	n = strlen(spec->nlfunc) + strlen(spec->lhname);
data/gretl-2020e/lib/src/nls.c:1829:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	n = strlen(spec->nlfunc) + strlen(spec->lhname);
data/gretl-2020e/lib/src/nls.c:1860:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		n = VNAMELEN - strlen(pname) - 3;
data/gretl-2020e/lib/src/nls.c:2986:2:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	strncat(word, line, n);
data/gretl-2020e/lib/src/nls.c:3106:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    flen = strlen(vname) + strlen(rhs) + 6;
data/gretl-2020e/lib/src/nls.c:3106:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    flen = strlen(vname) + strlen(rhs) + 6;
data/gretl-2020e/lib/src/nonparam.c:278:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int n1 = strlen(dset->varname[vx]);
data/gretl-2020e/lib/src/nonparam.c:279:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int n2 = strlen(dset->varname[vy]);
data/gretl-2020e/lib/src/objstack.c:729:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    if (strlen(vstr) > 3) {
data/gretl-2020e/lib/src/objstack.c:740:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    if (strlen(vstr) > 4) {
data/gretl-2020e/lib/src/objstack.c:1591:5:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
    strncat(name, s, len);
data/gretl-2020e/lib/src/options.c:1104:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int n = strlen(s);
data/gretl-2020e/lib/src/options.c:1583:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int optlen, slen = strlen(s);
data/gretl-2020e/lib/src/options.c:1589:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		optlen = strlen(gretl_opts[i].longopt);
data/gretl-2020e/lib/src/plotspec.c:706:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	ret = malloc(strlen(s) + 1 + qcount);
data/gretl-2020e/lib/src/plotspec.c:1681:2:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
	strcpy(x, "x");
data/gretl-2020e/lib/src/printout.c:175:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int n = strlen(cf->names[i]);
data/gretl-2020e/lib/src/printout.c:215:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int rem = width - strlen(s);
data/gretl-2020e/lib/src/printout.c:256:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	nmax = strlen(s);
data/gretl-2020e/lib/src/printout.c:274:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    nmax = strlen(s);
data/gretl-2020e/lib/src/printout.c:282:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    n = strlen(s);
data/gretl-2020e/lib/src/printout.c:404:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    nlw = len - strlen(word);
data/gretl-2020e/lib/src/printout.c:422:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    nlw = 10 - strlen(word);
data/gretl-2020e/lib/src/printout.c:457:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    len = strlen(word);
data/gretl-2020e/lib/src/printout.c:466:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    len = strlen(word);
data/gretl-2020e/lib/src/printout.c:563:2:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	strcat(targ, "}");
data/gretl-2020e/lib/src/printout.c:576:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	n = strlen(tab->Sr[i]);
data/gretl-2020e/lib/src/printout.c:590:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	n = strlen(tab->Sc[j]);
data/gretl-2020e/lib/src/printout.c:686:6:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	    strncat(lbl, tab->Sc[j], 63);
data/gretl-2020e/lib/src/printout.c:728:6:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	    strncat(lbl, tab->Sr[i], 63);
data/gretl-2020e/lib/src/printout.c:1033:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    memmove(p+1, p+2, strlen(p+1));
data/gretl-2020e/lib/src/printout.c:1037:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    n = strlen(s);
data/gretl-2020e/lib/src/printout.c:1105:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int namelen = strlen(dset->varname[v]);
data/gretl-2020e/lib/src/printout.c:1133:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int n = strlen(s);
data/gretl-2020e/lib/src/printout.c:1176:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    n = strlen(targ) - 1;
data/gretl-2020e/lib/src/printout.c:1188:2:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	strcat(targ, "−"); /* U+2212: minus */
data/gretl-2020e/lib/src/printout.c:1223:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	forept = strlen(numstr);
data/gretl-2020e/lib/src/printout.c:1229:2:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	strcat(final, " ");
data/gretl-2020e/lib/src/printout.c:1232:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    tmp = strlen(numstr) - 1;
data/gretl-2020e/lib/src/printout.c:1241:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    tmp = totlen - strlen(final);
data/gretl-2020e/lib/src/printout.c:1243:2:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	strcat(final, " ");
data/gretl-2020e/lib/src/printout.c:1418:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = strlen(vmat->names[i]);
data/gretl-2020e/lib/src/printout.c:1467:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    n = strlen(s);
data/gretl-2020e/lib/src/printout.c:1484:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    n = strlen(vmat->names[j]);
data/gretl-2020e/lib/src/printout.c:1501:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    n = strlen(vmat->names[ij2]);
data/gretl-2020e/lib/src/printout.c:1552:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    ywidth = strlen(label) + 1;
data/gretl-2020e/lib/src/printout.c:1630:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    ls = strlen(s);
data/gretl-2020e/lib/src/printout.c:1657:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	n = strlen(s);
data/gretl-2020e/lib/src/printout.c:1709:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	n = strlen(str);
data/gretl-2020e/lib/src/printout.c:1771:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	s = strlen(numstr) - 1;
data/gretl-2020e/lib/src/printout.c:1857:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    return (strlen(n1) > strlen(n2));
data/gretl-2020e/lib/src/printout.c:1857:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    return (strlen(n1) > strlen(n2));
data/gretl-2020e/lib/src/printout.c:1934:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	l = width - strlen(numstr);
data/gretl-2020e/lib/src/printout.c:1936:6:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	    strcat(buf, " ");
data/gretl-2020e/lib/src/printout.c:1981:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int srclen = strlen(src);
data/gretl-2020e/lib/src/printout.c:1990:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (p != NULL && isdigit(*(p+1)) && strlen(p) < 4) {
data/gretl-2020e/lib/src/printout.c:1995:6:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	    strncat(targ, src, fore - snip);
data/gretl-2020e/lib/src/printout.c:1996:6:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	    strcat(targ, "~");
data/gretl-2020e/lib/src/printout.c:1999:6:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	    strncat(targ, src, NAMETRUNC - 2);
data/gretl-2020e/lib/src/printout.c:2000:6:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	    strcat(targ, "~");
data/gretl-2020e/lib/src/printout.c:2014:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    ni = strlen(dset->varname[list[i]]);
data/gretl-2020e/lib/src/printout.c:2071:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    len = strlen(name);
data/gretl-2020e/lib/src/printout.c:2256:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    return strlen(s);
data/gretl-2020e/lib/src/printout.c:3210:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    ywidth = strlen(label) + 1;
data/gretl-2020e/lib/src/printout.c:3636:2:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	strcat(s, "\n");
data/gretl-2020e/lib/src/printscan.c:104:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int len = strlen(p);
data/gretl-2020e/lib/src/printscan.c:453:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int adj = strlen(str) - g_utf8_strlen(str, -1);
data/gretl-2020e/lib/src/printscan.c:482:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    if (uprec > 0 && uprec < strlen(str)) {
data/gretl-2020e/lib/src/printscan.c:485:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		adj = strlen(trunc) - g_utf8_strlen(trunc, -1);
data/gretl-2020e/lib/src/printscan.c:797:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		*nchars = strlen(buf);
data/gretl-2020e/lib/src/printscan.c:896:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int i, n = strlen(s);
data/gretl-2020e/lib/src/printscan.c:1380:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    tmp = malloc(strlen(args) + 9);
data/gretl-2020e/lib/src/pvalues.c:3920:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    m += strlen(S[i]) + 1;
data/gretl-2020e/lib/src/strutils.c:119:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	p = strlen(str);
data/gretl-2020e/lib/src/strutils.c:146:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	p = strlen(str);
data/gretl-2020e/lib/src/strutils.c:230:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t i, n = strlen(str);
data/gretl-2020e/lib/src/strutils.c:259:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int n = strlen(str);
data/gretl-2020e/lib/src/strutils.c:385:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (p != NULL && strlen(p) == strlen(sfx)) {
data/gretl-2020e/lib/src/strutils.c:385:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (p != NULL && strlen(p) == strlen(sfx)) {
data/gretl-2020e/lib/src/strutils.c:442:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(str) == 3) {
data/gretl-2020e/lib/src/strutils.c:500:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int i, n = strlen(s);
data/gretl-2020e/lib/src/strutils.c:550:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t n = strlen(src) + 1;
data/gretl-2020e/lib/src/strutils.c:575:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t len = strlen(src);
data/gretl-2020e/lib/src/strutils.c:667:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    n = strlen(*orig);
data/gretl-2020e/lib/src/strutils.c:669:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	n += strlen(sep);
data/gretl-2020e/lib/src/strutils.c:671:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    n += strlen(add) + 1;
data/gretl-2020e/lib/src/strutils.c:1152:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (n < strlen(str)) {
data/gretl-2020e/lib/src/strutils.c:1340:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t n = strlen(str);
data/gretl-2020e/lib/src/strutils.c:1369:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    n = strlen(str);
data/gretl-2020e/lib/src/strutils.c:1404:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    n = strlen(str);
data/gretl-2020e/lib/src/strutils.c:1440:9:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
        strncat(targ, src, i);
data/gretl-2020e/lib/src/strutils.c:1486:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int len = strlen(src) + strlen(ext) + 2;
data/gretl-2020e/lib/src/strutils.c:1486:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int len = strlen(src) + strlen(ext) + 2;
data/gretl-2020e/lib/src/strutils.c:1491:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len -= strlen(p);
data/gretl-2020e/lib/src/strutils.c:1498:6:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	    strncat(ret, src, p - src);
data/gretl-2020e/lib/src/strutils.c:1502:2:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	strcat(ret, ".");
data/gretl-2020e/lib/src/strutils.c:1555:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    n = strlen(str) - 1;
data/gretl-2020e/lib/src/strutils.c:1657:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = strlen(p);
data/gretl-2020e/lib/src/strutils.c:1700:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen(str);
data/gretl-2020e/lib/src/strutils.c:1748:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    memmove(s + 1, p, strlen(p) + 1);
data/gretl-2020e/lib/src/strutils.c:2526:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int len = strlen(s) + 1;
data/gretl-2020e/lib/src/strutils.c:2593:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int len = strlen(s) + 1;
data/gretl-2020e/lib/src/strutils.c:2714:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    n = strlen(vname);
data/gretl-2020e/lib/src/strutils.c:2779:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen(fname);
data/gretl-2020e/lib/src/strutils.c:2828:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int n = strlen(s);
data/gretl-2020e/lib/src/strutils.c:2847:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int nt = strlen(test);
data/gretl-2020e/lib/src/strutils.c:2848:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int n = strlen(s);
data/gretl-2020e/lib/src/strutils.c:2911:12:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
    return strncat(dest, src, b0);
data/gretl-2020e/lib/src/strutils.c:2946:5:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
    strncat(dest, src, b0);
data/gretl-2020e/lib/src/strutils.c:2948:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    n = strlen(dest);
data/gretl-2020e/lib/src/strutils.c:3043:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen(targ) + strlen(src) + 1 - (p - s);
data/gretl-2020e/lib/src/strutils.c:3043:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen(targ) + strlen(src) + 1 - (p - s);
data/gretl-2020e/lib/src/strutils.c:3045:5:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
    strncat(ret, targ, s - targ);
data/gretl-2020e/lib/src/strutils.c:3140:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int mlen = strlen(match);
data/gretl-2020e/lib/src/strutils.c:3156:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int ldiff = nrep * (strlen(repl) - mlen);
data/gretl-2020e/lib/src/strutils.c:3158:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	mod = malloc(strlen(orig) + ldiff + 1);
data/gretl-2020e/lib/src/strutils.c:3163:3:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
		strncat(mod, q, r - q);
data/gretl-2020e/lib/src/subsample.c:1378:2:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
	strcpy(subset->stobs, "1");
data/gretl-2020e/lib/src/subsample.c:1482:11:  [1] (access) umask:
  Ensure that umask is given most restrictive possible setting (e.g., 066 or
  077) (CWE-732).
    char *umask, *pmask;
data/gretl-2020e/lib/src/subsample.c:1495:6:  [1] (access) umask:
  Ensure that umask is given most restrictive possible setting (e.g., 066 or
  077) (CWE-732).
	    umask[i / T] = 1;
data/gretl-2020e/lib/src/subsample.c:1502:10:  [1] (access) umask:
  Ensure that umask is given most restrictive possible setting (e.g., 066 or
  077) (CWE-732).
	    if (umask[i / T] && pmask[i % T]) {
data/gretl-2020e/lib/src/subsample.c:1514:10:  [1] (access) umask:
  Ensure that umask is given most restrictive possible setting (e.g., 066 or
  077) (CWE-732).
    free(umask);
data/gretl-2020e/lib/src/subsample.c:2018:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	n = strlen(old);
data/gretl-2020e/lib/src/subsample.c:2022:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	n += strlen("random");
data/gretl-2020e/lib/src/subsample.c:2024:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	n += strlen("no-missing");
data/gretl-2020e/lib/src/subsample.c:2026:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	n += strlen(restr);
data/gretl-2020e/lib/src/system.c:1001:10:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
	    if (sscanf(p, "%8s", mstr) == 1) {
data/gretl-2020e/lib/src/system.c:1015:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int len = strlen(s);
data/gretl-2020e/lib/src/system.c:1022:2:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	strncat(mstr, s + 7, 8);
data/gretl-2020e/lib/src/texprint.c:60:5:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
    strncat(test, p, 3);
data/gretl-2020e/lib/src/texprint.c:135:9:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
    n = sscanf(s, "%15[^_^]%1[_^]%7s", base, op, mod);
data/gretl-2020e/lib/src/texprint.c:234:2:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	strcat(s, "&");
data/gretl-2020e/lib/src/texprint.c:292:2:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	strcat(s, "&");
data/gretl-2020e/lib/src/texprint.c:324:9:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
	return strcpy(s, " ");
data/gretl-2020e/lib/src/texprint.c:374:9:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
	return strcpy(s, " ");
data/gretl-2020e/lib/src/texprint.c:535:3:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
		strcpy(texname, "y");
data/gretl-2020e/lib/src/texprint.c:700:2:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
	strcpy(numstr, " ");
data/gretl-2020e/lib/src/texprint.c:1148:2:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	strncat(lstr, lang, 2);
data/gretl-2020e/lib/src/texprint.c:1438:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    cchars += strlen(vname);
data/gretl-2020e/lib/src/texprint.c:1897:6:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	    strncat(colspec[i], p, n);
data/gretl-2020e/lib/src/tokenize.c:629:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    tok[strlen(tok)-1] == ')') {
data/gretl-2020e/lib/src/tokenize.c:662:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    } else if (strlen(tok) == 2 && tok[1] == '=') {
data/gretl-2020e/lib/src/tokenize.c:697:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(test) == digit_spn(test)) {
data/gretl-2020e/lib/src/tokenize.c:736:6:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	    strncat(tok, p, len);
data/gretl-2020e/lib/src/tokenize.c:940:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int n = strlen(tok->s);
data/gretl-2020e/lib/src/tokenize.c:962:3:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
		strcat(ret, "[");
data/gretl-2020e/lib/src/tokenize.c:964:3:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
		strcat(ret, "]");
data/gretl-2020e/lib/src/tokenize.c:966:3:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
		strcat(ret, "(");
data/gretl-2020e/lib/src/tokenize.c:968:3:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
		strcat(ret, ")");
data/gretl-2020e/lib/src/tokenize.c:1184:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    n += strlen(tok->s);
data/gretl-2020e/lib/src/tokenize.c:1257:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		len = strlen(optflag);
data/gretl-2020e/lib/src/tokenize.c:1355:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    n = strlen(tok->s);
data/gretl-2020e/lib/src/tokenize.c:1562:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    char *ret = malloc(strlen(s) + 3);
data/gretl-2020e/lib/src/tokenize.c:2057:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int n = strlen(s);
data/gretl-2020e/lib/src/tokenize.c:2467:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    s = cmd->toks[i].lp + strlen(cmd->toks[i].s);
data/gretl-2020e/lib/src/tokenize.c:2476:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    s = cmd->toks[i].lp + strlen(cmd->toks[i].s);
data/gretl-2020e/lib/src/tokenize.c:2736:2:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	strcat(lstr, " ");
data/gretl-2020e/lib/src/tokenize.c:2747:6:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	    strcat(lstr, "(");
data/gretl-2020e/lib/src/tokenize.c:2749:6:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	    strcat(lstr, ")");
data/gretl-2020e/lib/src/tokenize.c:2752:6:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	    strcat(lstr, "[");
data/gretl-2020e/lib/src/tokenize.c:2754:6:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	    strcat(lstr, "]");
data/gretl-2020e/lib/src/tokenize.c:2905:4:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
			strcat(lstr, " ");
data/gretl-2020e/lib/src/tokenize.c:2936:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    if (lstr[strlen(lstr)-1] == ';') {
data/gretl-2020e/lib/src/tokenize.c:2937:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		lstr[strlen(lstr)-1] = '\0';
data/gretl-2020e/lib/src/tokenize.c:3214:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    s += strlen(tok->s);
data/gretl-2020e/lib/src/tokenize.c:3217:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    s += strlen(tok->s);
data/gretl-2020e/lib/src/tokenize.c:3460:3:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
		strncat(tok, s, n);
data/gretl-2020e/lib/src/tokenize.c:3474:6:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	    strncat(tok, s, m);
data/gretl-2020e/lib/src/tokenize.c:3483:6:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	    strncat(tok, s, m);
data/gretl-2020e/lib/src/tokenize.c:3487:6:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	    strncat(tok, s, n);
data/gretl-2020e/lib/src/tokenize.c:3496:3:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
		strncat(tok, s+1, n);
data/gretl-2020e/lib/src/tokenize.c:3524:7:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
		    strncat(tok, s, m);
data/gretl-2020e/lib/src/tokenize.c:3530:3:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
		strncat(tok, s, m);
data/gretl-2020e/lib/src/tokenize.c:3537:6:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	    strncat(tok, s, m);
data/gretl-2020e/lib/src/tokenize.c:3551:6:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	    strncat(tok, s, m);
data/gretl-2020e/lib/src/tokenize.c:4039:9:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
    if (sscanf(s, "%5s", word) == 1) {
data/gretl-2020e/lib/src/transforms.c:98:2:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	strncat(vname, orig, len - 2);
data/gretl-2020e/lib/src/transforms.c:101:2:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	strncat(vname, orig, len - 3);
data/gretl-2020e/lib/src/transforms.c:104:2:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	strncat(vname, orig, len - 3);
data/gretl-2020e/lib/src/transforms.c:107:2:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	strncat(vname, orig, len - 2);
data/gretl-2020e/lib/src/transforms.c:110:2:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	strncat(vname, orig, len - 2);
data/gretl-2020e/lib/src/transforms.c:113:2:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	strncat(vname, orig, len - 3);
data/gretl-2020e/lib/src/transforms.c:120:6:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	    strncat(vname, orig, len - strlen(ext));
data/gretl-2020e/lib/src/transforms.c:120:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    strncat(vname, orig, len - strlen(ext));
data/gretl-2020e/lib/src/transforms.c:131:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    n1 = strlen(orig);
data/gretl-2020e/lib/src/transforms.c:132:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    n2 = strlen(ext);
data/gretl-2020e/lib/src/transforms.c:142:3:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
		strncat(vname, orig, len - n2);
data/gretl-2020e/lib/src/transforms.c:154:2:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
	strcpy(vname, "D");
data/gretl-2020e/lib/src/transforms.c:155:2:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	strncat(vname, orig, len - strlen(ext) - 1);
data/gretl-2020e/lib/src/transforms.c:155:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	strncat(vname, orig, len - strlen(ext) - 1);
data/gretl-2020e/lib/src/transforms.c:159:2:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	strncat(vname, orig, len - 2);
data/gretl-2020e/lib/src/transforms.c:166:2:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	strncat(vname, orig, len - 2);
data/gretl-2020e/lib/src/transforms.c:169:2:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	strncat(vname, orig, len - 3);
data/gretl-2020e/lib/src/transforms.c:291:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int n1 = strlen(dset->varname[v1]);
data/gretl-2020e/lib/src/transforms.c:292:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int n2 = strlen(dset->varname[v2]);
data/gretl-2020e/lib/src/transforms.c:304:5:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
    strncat(vname, dset->varname[v1], n1 - cut1);
data/gretl-2020e/lib/src/transforms.c:305:5:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
    strcat(vname, "_");
data/gretl-2020e/lib/src/transforms.c:306:5:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
    strncat(vname, dset->varname[v2], n2 - cut2);
data/gretl-2020e/lib/src/transforms.c:1076:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = strlen(dset->varname[list[i]]);
data/gretl-2020e/lib/src/transforms.c:1179:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    n = strlen(sfx);
data/gretl-2020e/lib/src/transforms.c:1180:5:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
    strncat(tmp, s, nc - n);
data/gretl-2020e/lib/src/transforms.c:1239:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	} else if (strlen(dset->varname[v]) > maxc) {
data/gretl-2020e/lib/src/tsls.c:904:2:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	strncat(dset->varname[v1], dset->varname[v0], VNAMELEN - 3);
data/gretl-2020e/lib/src/usermat.c:1185:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    m = strlen(tmp);
data/gretl-2020e/lib/src/uservar.c:954:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (orig == NULL || len > strlen(orig) + 1) {
data/gretl-2020e/lib/src/uservar.c:1524:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    len = strlen(uvars[i]->name);
data/gretl-2020e/lib/src/uservar.c:1730:5:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
    strncat(bname, name, p - name);
data/gretl-2020e/lib/src/var.c:2307:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    n = strlen(lagstr);
data/gretl-2020e/lib/src/var.c:2312:6:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	    strncat(params[k], dset->varname[v->ylist[i]],
data/gretl-2020e/lib/src/var.c:2314:6:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	    strncat(params[k], lagstr, n);
data/gretl-2020e/lib/src/var.c:2386:6:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	    strncat(pmod->depvar, yname, VNAMELEN - 3);
data/gretl-2020e/lib/src/varprint.c:218:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = strlen(dset->varname[v]);
data/gretl-2020e/lib/src/varprint.c:596:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	ni = strlen(s);
data/gretl-2020e/lib/src/varprint.c:756:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		wi = strlen(vname);
data/gretl-2020e/lib/src/varprint.c:764:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		wi = strlen(vname) + 1;
data/gretl-2020e/lib/src/varprint.c:782:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    if (strlen(src) < 8) {
data/gretl-2020e/lib/src/varprint.c:793:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		wi = strlen(src);
data/gretl-2020e/lib/src/varprint.c:973:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = strlen(dset->varname[v]);
data/gretl-2020e/lib/src/varprint.c:1179:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    llen = strlen(label);
data/gretl-2020e/lib/src/varprint.c:1210:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    llen = strlen(label);
data/gretl-2020e/plugin/arbond.c:2684:3:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
		strncat(test, s, len);
data/gretl-2020e/plugin/arma_init.c:569:5:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
    strcpy(aset->varname[1], "y");
data/gretl-2020e/plugin/arma_init.c:841:5:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
    strcpy(aset->varname[1], "y");
data/gretl-2020e/plugin/arma_init.c:1163:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(src) + strlen(targ) > MAXLINE - 1) {
data/gretl-2020e/plugin/arma_init.c:1163:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(src) + strlen(targ) > MAXLINE - 1) {
data/gretl-2020e/plugin/arma_init.c:1192:2:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	strcat(chunk, "(");
data/gretl-2020e/plugin/arma_init.c:1340:2:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	strcat(fnstr, "0");
data/gretl-2020e/plugin/arma_x12.c:146:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			 GRETL_TYPE_STRING, strlen(unique) + 1);
data/gretl-2020e/plugin/arma_x12.c:185:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int len = strlen(s);
data/gretl-2020e/plugin/arma_x12.c:208:6:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	    strncat(date, s, 4);
data/gretl-2020e/plugin/arma_x12.c:209:6:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	    strcat(date, ":");
data/gretl-2020e/plugin/arma_x12.c:210:6:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	    strncat(date, s + 4, 4);
data/gretl-2020e/plugin/arma_x12.c:213:2:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	strncat(date, s, 4);
data/gretl-2020e/plugin/arma_x12.c:239:6:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
	if (sscanf(line, "%11s %lf", statname, &x) == 2) {
data/gretl-2020e/plugin/arma_x12.c:503:6:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
	if (sscanf(line, "%15s", word) == 1) {
data/gretl-2020e/plugin/arma_x12.c:940:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int i, n = strlen(path);
data/gretl-2020e/plugin/arma_x12.c:944:2:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	strncat(old, path, n - 3);
data/gretl-2020e/plugin/eviews_import.c:267:6:  [1] (buffer) fscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
	if (fscanf(fp, "%31s", vname) != 1) {
data/gretl-2020e/plugin/excel_import.c:196:2:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	strncat(dest, s, count);
data/gretl-2020e/plugin/excel_import.c:294:2:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	strncat(show, (char *) src + this_skip, count);
data/gretl-2020e/plugin/excel_import.c:374:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int i, len = strlen(s);
data/gretl-2020e/plugin/gretlzip.c:41:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		n = strlen(s);
data/gretl-2020e/plugin/gretlzip.c:45:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			n = strlen(topdir);
data/gretl-2020e/plugin/iso3166.c:348:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    n = strlen(src);
data/gretl-2020e/plugin/jmulti_import.c:15:5:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
    strncat(test, name, VNAMELEN - 2);
data/gretl-2020e/plugin/jmulti_import.c:16:5:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
    strcat(test, "1");
data/gretl-2020e/plugin/jmulti_import.c:36:17:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    while ((c = fgetc(fp)) != EOF) {
data/gretl-2020e/plugin/jmulti_import.c:72:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	q = p + strlen(p);
data/gretl-2020e/plugin/jmulti_import.c:83:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	s = realloc(*desc, strlen(*desc) + len + 2);
data/gretl-2020e/plugin/jmulti_import.c:91:2:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	strncat(s, p, len);
data/gretl-2020e/plugin/jmulti_import.c:92:2:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	strcat(s, "\n");
data/gretl-2020e/plugin/jmulti_import.c:139:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ((*s2 == 'Q' || *s2 == 'M') && strlen(s2) < 2) {
data/gretl-2020e/plugin/jmulti_import.c:148:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(s2) < 3) {
data/gretl-2020e/plugin/jmulti_import.c:202:3:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
		strcpy(stobs, "1");
data/gretl-2020e/plugin/jmulti_import.c:205:8:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
		nf = sscanf(line, "<%15s %7[^> ]", s1, s2);
data/gretl-2020e/plugin/jmulti_import.c:279:10:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
	    if (sscanf(s, "%31s", numstr) != 1) {
data/gretl-2020e/plugin/johansen.c:318:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int n = strlen(s);
data/gretl-2020e/plugin/johansen.c:359:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	n = strlen(tmp);
data/gretl-2020e/plugin/jrestrict.c:2790:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	ni = strlen(s);
data/gretl-2020e/plugin/json_get.c:485:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    n = strlen(S[i]);
data/gretl-2020e/plugin/json_get.c:546:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    if (strlen(jb->a[i][0]) == 0 || !strcmp(jb->a[i][0], "*")) {
data/gretl-2020e/plugin/libole2/ms-ole.c:222:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    rd = read(f->file_des, attr->data, BB_BLOCK_SIZE);
data/gretl-2020e/plugin/libole2/ms-ole.c:792:6:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	    read(file, f->mem, BB_BLOCK_SIZE) == -1) {
data/gretl-2020e/plugin/libshp/dbfopen.c:139:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int i, len = (int) strlen(Basename);
data/gretl-2020e/plugin/libshp/dbfopen.c:266:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	DBF->CodePage = malloc(strlen((char *) buf) + 1);
data/gretl-2020e/plugin/libshp/dbfopen.c:503:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	return strlen(Value) == 0;
data/gretl-2020e/plugin/libshp/dbfopen.c:553:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(FieldName, (char *) DBF->Header + iField*XBASE_FLDHDR_SZ,
data/gretl-2020e/plugin/libshp/shpopen.c:135:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int i, len = (int) strlen(Basename);
data/gretl-2020e/plugin/libsvm/svmlib.cpp:2879:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = (int) strlen(line);
data/gretl-2020e/plugin/libsvm/svmlib.cpp:2978:11:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		int c = getc(fp);
data/gretl-2020e/plugin/mailer.c:180:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    gint n = strlen(s) + 1;
data/gretl-2020e/plugin/mailer.c:597:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (fname != NULL && strlen(fname) > 4) {
data/gretl-2020e/plugin/mailer.c:1050:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		(int) strlen(minfo->pass));
data/gretl-2020e/plugin/mpack/encode.c:62:18:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    while ((c1 = getc(infile)) != EOF) {
data/gretl-2020e/plugin/mpack/encode.c:63:14:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        c2 = getc(infile);
data/gretl-2020e/plugin/mpack/encode.c:67:18:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
            c3 = getc(infile);
data/gretl-2020e/plugin/odbc_import.c:346:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    if (strlen(odinfo->S[t]) + strlen(obsbit) > OBSLEN - 1) {
data/gretl-2020e/plugin/odbc_import.c:346:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    if (strlen(odinfo->S[t]) + strlen(obsbit) > OBSLEN - 1) {
data/gretl-2020e/plugin/pca.c:234:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	nl = strlen(cmat->names[i]);
data/gretl-2020e/plugin/sas_import.c:247:5:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
    strncat(vname, nstr.nname, 8);
data/gretl-2020e/plugin/sas_import.c:250:5:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
    strncat(label, nstr.nlabel, 40);
data/gretl-2020e/plugin/sas_import.c:288:5:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
    strncat(dstr, buf, 16);
data/gretl-2020e/plugin/sas_import.c:290:9:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
    if (sscanf(dstr, "%2d%3s%2d:%2d:%2d:%2d", 
data/gretl-2020e/plugin/sas_import.c:305:5:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
    strncat(tmp, buf + 75, 3);
data/gretl-2020e/plugin/sas_import.c:316:5:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
    strncat(tmp, buf + 54, 4);
data/gretl-2020e/plugin/sas_import.c:328:5:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
    strncat(hstr, buf, 13);
data/gretl-2020e/plugin/sas_import.c:332:2:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	strncat(hstr, buf + 20, 7);
data/gretl-2020e/plugin/sas_import.c:455:3:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
		strncat(cbuf, buf + pos, finfo->vars[i].size);
data/gretl-2020e/plugin/sas_import.c:581:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int n = strlen(dset->descrip) + strlen(finfo->revdate) + 20;
data/gretl-2020e/plugin/sas_import.c:581:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int n = strlen(dset->descrip) + strlen(finfo->revdate) + 20;
data/gretl-2020e/plugin/spss_import.c:1235:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	n += strlen(label) + 1;
data/gretl-2020e/plugin/stata_export.c:97:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = strlen(S[i]);
data/gretl-2020e/plugin/stata_export.c:108:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len += strlen(tmp) + 1;
data/gretl-2020e/plugin/stata_export.c:130:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	tab.off += strlen(S[i]) + 1;
data/gretl-2020e/plugin/stata_export.c:141:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	*w += fwrite(tmp, 1, strlen(tmp) + 1, fp);
data/gretl-2020e/plugin/stata_export.c:262:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    ni = strlen(S[i]);
data/gretl-2020e/plugin/stata_export.c:411:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int i, n = strlen(src);
data/gretl-2020e/plugin/stata_import.c:636:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int dlen = strlen(stamp);
data/gretl-2020e/plugin/stata_import.c:648:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	dlen += strlen(tr);
data/gretl-2020e/plugin/stata_import.c:659:6:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	    strcat(dinfo->descrip, "\n");
data/gretl-2020e/plugin/stata_import.c:675:2:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	strcat(test, "x");
data/gretl-2020e/plugin/stata_import.c:676:2:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	strncat(test, name, VNAMELEN - 2);
data/gretl-2020e/plugin/stata_import.c:678:2:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	strncat(test, name, VNAMELEN - 2);
data/gretl-2020e/plugin/stata_import.c:679:2:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	strcat(test, "1");
data/gretl-2020e/plugin/stata_import.c:1079:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (gretl_namechar_spn(buf) == strlen(buf)) {
data/gretl-2020e/plugin/stata_import.c:1117:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (*buf != '\0' && buf[strlen(buf)-1] != 'g') {
data/gretl-2020e/plugin/stata_import.c:1588:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		st_err = stata_seek(fp, strlen("</lbl>"), SEEK_CUR);
data/gretl-2020e/plugin/stata_import.c:1849:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	dtab->vtype_pos = offset + strlen("<variable_types>");
data/gretl-2020e/plugin/stata_import.c:1851:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	dtab->vname_pos = offset + strlen("<varnames>");
data/gretl-2020e/plugin/stata_import.c:1853:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	dtab->vfmt_pos = offset + strlen("<formats>");
data/gretl-2020e/plugin/stata_import.c:1855:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	dtab->vallblnam_pos = offset + strlen("<value_label_names>");
data/gretl-2020e/plugin/stata_import.c:1857:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	dtab->varlabel_pos = offset + strlen("<variable_labels>");
data/gretl-2020e/plugin/stata_import.c:1859:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	dtab->data_pos = offset + strlen("<data>");
data/gretl-2020e/plugin/stata_import.c:1861:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	dtab->strl_pos = offset + strlen("<strls>");
data/gretl-2020e/plugin/stata_import.c:1863:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	dtab->vallabel_pos = offset + strlen("<value_labels>");
data/gretl-2020e/plugin/stata_import.c:1914:9:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
    if (sscanf(buf, "<header><release>%d</release>"
data/gretl-2020e/plugin/vif.c:132:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (strlen(si) > NAMEWIDTH) {
data/gretl-2020e/plugin/vif.c:135:7:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
		    strcat(tmp, "~");
data/gretl-2020e/plugin/vif.c:147:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    len = strlen(S[i+2]);
data/gretl-2020e/plugin/vif.c:321:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    len = strlen(cnames[ngp5]);
data/gretl-2020e/plugin/vif.c:529:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		n = strlen(dset->varname[vi]);
data/gretl-2020e/plugin/xml_get.c:196:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    doc = xmlParseMemory(data, strlen(data));
data/gretl-2020e/plugin/zipunzip/zipfile.c:558:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (p[strlen(p) - 1] == '/') {
data/gretl-2020e/plugin/zipunzip/zipfile.c:559:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    p[strlen(p) - 1] = '\0';
data/gretl-2020e/plugin/zipunzip/zipfile.c:974:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    if (p[strlen(p) - 1] == '/') {
data/gretl-2020e/plugin/zipunzip/zipfile.c:975:5:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		p[strlen(p) - 1] = '\0';
data/gretl-2020e/plugin/zipunzip/zipmain.c:207:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int len = strlen(zerrbuf);
data/gretl-2020e/plugin/zipunzip/zipmain.c:217:6:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	    strcat(zerrbuf, ")");
data/gretl-2020e/plugin/zipunzip/zipmain.c:277:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define lastchar(s) ((*(s) == '\0')? '\0' : s[strlen(s)-1])
data/gretl-2020e/plugin/zipunzip/zipmain.c:288:6:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	    strcat(templ, "\\");
data/gretl-2020e/plugin/zipunzip/zipmain.c:292:6:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	    strcat(templ, "/");
data/gretl-2020e/plugin/zipunzip/zipwork.c:300:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    z->namelen = strlen(z->iname);
data/gretl-2020e/plugin/zipunzip/zipwork.c:552:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int n = strlen(prefix);
data/gretl-2020e/plugin/zipunzip/zipwork.c:569:2:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	strncat(dtarg, fname, len);
data/gretl-2020e/plugin/zipunzip/zipwork.c:715:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int n = strlen(prefix);
data/gretl-2020e/plugin/zipunzip/zipwork.c:755:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (z->iname[strlen(z->iname) - 1] == '/') {
data/gretl-2020e/plugin/zipunzip/zsystem.c:99:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        int sz, n = strlen(fname);
data/gretl-2020e/plugin/zipunzip/zsystem.c:116:3:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
		strcat(path, "/");
data/gretl-2020e/plugin/zipunzip/zsystem.c:125:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    dpath = malloc(strlen(path) + strlen(dirname) + 1);
data/gretl-2020e/plugin/zipunzip/zsystem.c:125:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    dpath = malloc(strlen(path) + strlen(dirname) + 1);
data/gretl-2020e/plugin/zipunzip/zsystem.c:258:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	n = strlen(src);
data/gretl-2020e/plugin/zipunzip/zsystem.c:277:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    char *xname = g_malloc0(strlen(iname) + 1);
data/gretl-2020e/plugin/zipunzip/zsystem.c:376:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int len = strlen(fname);
data/gretl-2020e/plugin/zipunzip/zsystem.c:436:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int len = strlen(z->name);
data/gretl-2020e/tests/nist-nls/nist-nls-test.c:292:6:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	    strcat(line , " ");
data/gretl-2020e/tests/nist-nls/nist-nls-test.c:294:6:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	    strcat(line , "\n");
data/gretl-2020e/tests/nist-nls/nist-nls-test.c:357:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t i, n = strlen(s);
data/gretl-2020e/tests/nist-nls/nist-nls-test.c:391:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    memmove(p+1, p+2, strlen(p+2) + 1);
data/gretl-2020e/tests/nist-nls/nist-nls-test.c:411:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t len = strlen(s);
data/gretl-2020e/tests/nist-nls/nist-nls-test.c:439:5:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
    strcpy(datainfo->varname[1], "y");
data/gretl-2020e/tests/nist-nls/nist-nls-test.c:441:2:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
	strcpy(datainfo->varname[2], "x");
data/gretl-2020e/tests/nist-nls/nist-nls-test.c:491:6:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
	if (sscanf(line, "%7s = %lf %lf %lf %lf", 
data/gretl-2020e/tests/nistcheck.c:138:6:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
	    strcpy(dset->varname[i], "y");
data/gretl-2020e/tests/nistcheck.c:142:6:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
	    strcpy(dset->varname[i], "x");
data/gretl-2020e/tests/nistcheck.c:237:5:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
    strncat(s, line, 47);
data/gretl-2020e/tests/nistcheck.c:238:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen(s);
data/gretl-2020e/tests/nistcheck.c:856:5:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
    strcpy(datadir, ".");
data/gretl-2020e/utils/FRB/frb2db.c:191:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    if (!strncmp(s, fixers[i].targ, strlen(fixers[i].targ))) {
data/gretl-2020e/utils/FRB/frb2db.c:193:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		s += strlen(fixers[i].targ);
data/gretl-2020e/utils/FRB/frb2db.c:194:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		n += strlen(fixers[i].repl);
data/gretl-2020e/utils/FRB/frb2db.c:209:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    n = strlen(tmp);
data/gretl-2020e/utils/FRB/frb2db.c:214:5:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
    strncat(fs->descrip, tmp, 127);
data/gretl-2020e/utils/FRB/frb2db.c:274:5:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
    strncat(tmp, s, 63);
data/gretl-2020e/utils/FRB/frb2db.c:300:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(tmp) > 15) {
data/gretl-2020e/utils/FRB/frb2db.c:304:2:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	strncat(fs->name, tmp, 15);
data/gretl-2020e/utils/FRED/fred2db.c:108:6:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
	if (sscanf(line, "%15s", vname) == 1) {
data/gretl-2020e/utils/FRED/fred2db.c:124:7:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
		if (sscanf(line, "%15s", vname) == 1) {
data/gretl-2020e/utils/FRED/fred2db.c:126:7:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
		    strncat(series_names[i++], vname, 15);
data/gretl-2020e/utils/FRED/fred2db.c:603:13:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
	} else if (sscanf(line, "%32s", API_KEY) != 1) {
data/gretl-2020e/utils/dbzip/gretlzip.c:33:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    timebuf[strlen(timebuf)-1] = ' ';
data/gretl-2020e/utils/dbzip/gretlzip.c:197:2:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	strcat(infobuf, "\n");
data/gretl-2020e/utils/dbzip/gretlzip.c:200:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    printf("infobuf: strlen = %d\n", (int) strlen(infobuf));
data/gretl-2020e/utils/dbzip/gretlzip.c:357:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (callname != NULL && strlen(callname) > 1) {
data/gretl-2020e/utils/dbzip/gretlzip.c:377:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(fname, argv[filearg], MAXLEN-1);
data/gretl-2020e/utils/scriptfix/scriptfix.c:82:2:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	strncat(fixup, s, strlen(s));
data/gretl-2020e/utils/scriptfix/scriptfix.c:82:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	strncat(fixup, s, strlen(s));
data/gretl-2020e/utils/scriptfix/scriptfix.c:85:2:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	strncat(s+1, fixup, strlen(fixup));
data/gretl-2020e/utils/scriptfix/scriptfix.c:85:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	strncat(s+1, fixup, strlen(fixup));
data/gretl-2020e/utils/scriptfix/scriptfix.c:111:5:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
    strncat(targ, src, n);
data/gretl-2020e/utils/scriptfix/scriptfix.c:116:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    char *ret = calloc(strlen(s) + 1, 1);
data/gretl-2020e/utils/scriptfix/scriptfix.c:172:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    char *ret = malloc(strlen(fname) + 7);
data/gretl-2020e/utils/scriptfix/scriptfix.c:221:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (p != NULL && strlen(p) == strlen(sfx)) {
data/gretl-2020e/utils/scriptfix/scriptfix.c:221:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (p != NULL && strlen(p) == strlen(sfx)) {

ANALYSIS SUMMARY:

Hits = 6379
Lines analyzed = 534397 in approximately 13.80 seconds (38718 lines/second)
Physical Source Lines of Code (SLOC) = 395395
Hits@level = [0] 4598 [1] 1150 [2] 3440 [3] 104 [4] 1531 [5] 154
Hits@level+ = [0+] 10977 [1+] 6379 [2+] 5229 [3+] 1789 [4+] 1685 [5+] 154
Hits/KSLOC@level+ = [0+] 27.7621 [1+] 16.1332 [2+] 13.2247 [3+] 4.52459 [4+] 4.26156 [5+] 0.389484
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.