Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/iraf-2.16.1+2018.11.01/include/drvrsmem.h
Examining data/iraf-2.16.1+2018.11.01/lib/chars.h
Examining data/iraf-2.16.1+2018.11.01/lib/clio.h
Examining data/iraf-2.16.1+2018.11.01/lib/clset.h
Examining data/iraf-2.16.1+2018.11.01/lib/ctotok.h
Examining data/iraf-2.16.1+2018.11.01/lib/ctype.h
Examining data/iraf-2.16.1+2018.11.01/lib/diropen.h
Examining data/iraf-2.16.1+2018.11.01/lib/error.h
Examining data/iraf-2.16.1+2018.11.01/lib/evexpr.h
Examining data/iraf-2.16.1+2018.11.01/lib/evvexpr.h
Examining data/iraf-2.16.1+2018.11.01/lib/finfo.h
Examining data/iraf-2.16.1+2018.11.01/lib/fio.h
Examining data/iraf-2.16.1+2018.11.01/lib/fmlfstat.h
Examining data/iraf-2.16.1+2018.11.01/lib/fmset.h
Examining data/iraf-2.16.1+2018.11.01/lib/fset.h
Examining data/iraf-2.16.1+2018.11.01/lib/gescape.h
Examining data/iraf-2.16.1+2018.11.01/lib/gim.h
Examining data/iraf-2.16.1+2018.11.01/lib/gio.h
Examining data/iraf-2.16.1+2018.11.01/lib/gki.h
Examining data/iraf-2.16.1+2018.11.01/lib/gset.h
Examining data/iraf-2.16.1+2018.11.01/lib/imhdr.h
Examining data/iraf-2.16.1+2018.11.01/lib/imio.h
Examining data/iraf-2.16.1+2018.11.01/lib/imset.h
Examining data/iraf-2.16.1+2018.11.01/lib/lexnum.h
Examining data/iraf-2.16.1+2018.11.01/lib/math/curfit.h
Examining data/iraf-2.16.1+2018.11.01/lib/math/gsurfit.h
Examining data/iraf-2.16.1+2018.11.01/lib/math/iminterp.h
Examining data/iraf-2.16.1+2018.11.01/lib/math/interp.h
Examining data/iraf-2.16.1+2018.11.01/lib/math/nlfit.h
Examining data/iraf-2.16.1+2018.11.01/lib/math/surfit.h
Examining data/iraf-2.16.1+2018.11.01/lib/mii.h
Examining data/iraf-2.16.1+2018.11.01/lib/mwset.h
Examining data/iraf-2.16.1+2018.11.01/lib/nmi.h
Examining data/iraf-2.16.1+2018.11.01/lib/nspp.h
Examining data/iraf-2.16.1+2018.11.01/lib/pattern.h
Examining data/iraf-2.16.1+2018.11.01/lib/pkg/center1d.h
Examining data/iraf-2.16.1+2018.11.01/lib/pkg/cq.h
Examining data/iraf-2.16.1+2018.11.01/lib/pkg/dttext.h
Examining data/iraf-2.16.1+2018.11.01/lib/pkg/gtools.h
Examining data/iraf-2.16.1+2018.11.01/lib/pkg/icfit.h
Examining data/iraf-2.16.1+2018.11.01/lib/pkg/igsfit.h
Examining data/iraf-2.16.1+2018.11.01/lib/pkg/inlfit.h
Examining data/iraf-2.16.1+2018.11.01/lib/pkg/mef.h
Examining data/iraf-2.16.1+2018.11.01/lib/pkg/rg.h
Examining data/iraf-2.16.1+2018.11.01/lib/pkg/rmsorted.h
Examining data/iraf-2.16.1+2018.11.01/lib/pkg/skywcs.h
Examining data/iraf-2.16.1+2018.11.01/lib/pkg/xtanswer.h
Examining data/iraf-2.16.1+2018.11.01/lib/plio.h
Examining data/iraf-2.16.1+2018.11.01/lib/plset.h
Examining data/iraf-2.16.1+2018.11.01/lib/pmset.h
Examining data/iraf-2.16.1+2018.11.01/lib/poll.h
Examining data/iraf-2.16.1+2018.11.01/lib/printf.h
Examining data/iraf-2.16.1+2018.11.01/lib/protect.h
Examining data/iraf-2.16.1+2018.11.01/lib/prstat.h
Examining data/iraf-2.16.1+2018.11.01/lib/psset.h
Examining data/iraf-2.16.1+2018.11.01/lib/qpexset.h
Examining data/iraf-2.16.1+2018.11.01/lib/qpioset.h
Examining data/iraf-2.16.1+2018.11.01/lib/qpset.h
Examining data/iraf-2.16.1+2018.11.01/lib/syserr.h
Examining data/iraf-2.16.1+2018.11.01/lib/tbset.h
Examining data/iraf-2.16.1+2018.11.01/lib/time.h
Examining data/iraf-2.16.1+2018.11.01/lib/ttset.h
Examining data/iraf-2.16.1+2018.11.01/lib/ttyset.h
Examining data/iraf-2.16.1+2018.11.01/lib/votParse_spp.h
Examining data/iraf-2.16.1+2018.11.01/lib/xalloc.h
Examining data/iraf-2.16.1+2018.11.01/lib/xwhen.h
Examining data/iraf-2.16.1+2018.11.01/math/curfit/curfitdef.h
Examining data/iraf-2.16.1+2018.11.01/math/curfit/dcurfitdef.h
Examining data/iraf-2.16.1+2018.11.01/math/deboor/bspln.h
Examining data/iraf-2.16.1+2018.11.01/math/gsurfit/dgsurfitdef.h
Examining data/iraf-2.16.1+2018.11.01/math/gsurfit/gsurfit.h
Examining data/iraf-2.16.1+2018.11.01/math/gsurfit/gsurfitdef.h
Examining data/iraf-2.16.1+2018.11.01/math/iminterp/im1interpdef.h
Examining data/iraf-2.16.1+2018.11.01/math/iminterp/im2interpdef.h
Examining data/iraf-2.16.1+2018.11.01/math/interp/asidef.h
Examining data/iraf-2.16.1+2018.11.01/math/interp/interp.h
Examining data/iraf-2.16.1+2018.11.01/math/interp/interpdef.h
Examining data/iraf-2.16.1+2018.11.01/math/nlfit/nlfitdefd.h
Examining data/iraf-2.16.1+2018.11.01/math/nlfit/nlfitdefr.h
Examining data/iraf-2.16.1+2018.11.01/math/slalib/rtl_random.c
Examining data/iraf-2.16.1+2018.11.01/math/slalib/sla.c
Examining data/iraf-2.16.1+2018.11.01/math/slalib/slaTest.c
Examining data/iraf-2.16.1+2018.11.01/math/slalib/slalib.h
Examining data/iraf-2.16.1+2018.11.01/math/surfit/surfitdef.h
Examining data/iraf-2.16.1+2018.11.01/noao/artdata/gammln.c
Examining data/iraf-2.16.1+2018.11.01/noao/artdata/lists/starlist.h
Examining data/iraf-2.16.1+2018.11.01/noao/astcat/lib/acatalog.h
Examining data/iraf-2.16.1+2018.11.01/noao/astcat/lib/aimpars.h
Examining data/iraf-2.16.1+2018.11.01/noao/astcat/lib/aimparsdef.h
Examining data/iraf-2.16.1+2018.11.01/noao/astcat/lib/astrom.h
Examining data/iraf-2.16.1+2018.11.01/noao/astcat/lib/astromdef.h
Examining data/iraf-2.16.1+2018.11.01/noao/astutil/astfunc.h
Examining data/iraf-2.16.1+2018.11.01/noao/astutil/pdm/pdm.h
Examining data/iraf-2.16.1+2018.11.01/noao/digiphot/apphot/lib/apphot.h
Examining data/iraf-2.16.1+2018.11.01/noao/digiphot/apphot/lib/apphotdef.h
Examining data/iraf-2.16.1+2018.11.01/noao/digiphot/apphot/lib/center.h
Examining data/iraf-2.16.1+2018.11.01/noao/digiphot/apphot/lib/centerdef.h
Examining data/iraf-2.16.1+2018.11.01/noao/digiphot/apphot/lib/display.h
Examining data/iraf-2.16.1+2018.11.01/noao/digiphot/apphot/lib/displaydef.h
Examining data/iraf-2.16.1+2018.11.01/noao/digiphot/apphot/lib/find.h
Examining data/iraf-2.16.1+2018.11.01/noao/digiphot/apphot/lib/finddef.h
Examining data/iraf-2.16.1+2018.11.01/noao/digiphot/apphot/lib/fitpsf.h
Examining data/iraf-2.16.1+2018.11.01/noao/digiphot/apphot/lib/fitpsfdef.h
Examining data/iraf-2.16.1+2018.11.01/noao/digiphot/apphot/lib/fitsky.h
Examining data/iraf-2.16.1+2018.11.01/noao/digiphot/apphot/lib/fitskydef.h
Examining data/iraf-2.16.1+2018.11.01/noao/digiphot/apphot/lib/noise.h
Examining data/iraf-2.16.1+2018.11.01/noao/digiphot/apphot/lib/noisedef.h
Examining data/iraf-2.16.1+2018.11.01/noao/digiphot/apphot/lib/phot.h
Examining data/iraf-2.16.1+2018.11.01/noao/digiphot/apphot/lib/photdef.h
Examining data/iraf-2.16.1+2018.11.01/noao/digiphot/apphot/lib/polyphot.h
Examining data/iraf-2.16.1+2018.11.01/noao/digiphot/apphot/lib/polyphotdef.h
Examining data/iraf-2.16.1+2018.11.01/noao/digiphot/apphot/lib/radprof.h
Examining data/iraf-2.16.1+2018.11.01/noao/digiphot/apphot/lib/radprofdef.h
Examining data/iraf-2.16.1+2018.11.01/noao/digiphot/daophot/daoedit/daoedit.h
Examining data/iraf-2.16.1+2018.11.01/noao/digiphot/daophot/lib/allstardef.h
Examining data/iraf-2.16.1+2018.11.01/noao/digiphot/daophot/lib/apseldef.h
Examining data/iraf-2.16.1+2018.11.01/noao/digiphot/daophot/lib/daophotdef.h
Examining data/iraf-2.16.1+2018.11.01/noao/digiphot/daophot/lib/nstardef.h
Examining data/iraf-2.16.1+2018.11.01/noao/digiphot/daophot/lib/peakdef.h
Examining data/iraf-2.16.1+2018.11.01/noao/digiphot/daophot/lib/psfdef.h
Examining data/iraf-2.16.1+2018.11.01/noao/digiphot/lib/ptkeysdef.h
Examining data/iraf-2.16.1+2018.11.01/noao/digiphot/photcal/debug/debug.h
Examining data/iraf-2.16.1+2018.11.01/noao/digiphot/photcal/lib/apfile.h
Examining data/iraf-2.16.1+2018.11.01/noao/digiphot/photcal/lib/fitparams.h
Examining data/iraf-2.16.1+2018.11.01/noao/digiphot/photcal/lib/io.h
Examining data/iraf-2.16.1+2018.11.01/noao/digiphot/photcal/lib/lexer.h
Examining data/iraf-2.16.1+2018.11.01/noao/digiphot/photcal/lib/mctable.h
Examining data/iraf-2.16.1+2018.11.01/noao/digiphot/photcal/lib/obsfile.h
Examining data/iraf-2.16.1+2018.11.01/noao/digiphot/photcal/lib/parser.h
Examining data/iraf-2.16.1+2018.11.01/noao/digiphot/photcal/lib/prdefs.h
Examining data/iraf-2.16.1+2018.11.01/noao/digiphot/photcal/lib/preval.h
Examining data/iraf-2.16.1+2018.11.01/noao/digiphot/photcal/lib/prstruct.h
Examining data/iraf-2.16.1+2018.11.01/noao/digiphot/photcal/lib/prtoken.h
Examining data/iraf-2.16.1+2018.11.01/noao/digiphot/photcal/parser/y.tab.h
Examining data/iraf-2.16.1+2018.11.01/noao/digiphot/ptools/pexamine/pexamine.h
Examining data/iraf-2.16.1+2018.11.01/noao/imred/ccdred/src/ccdcache.h
Examining data/iraf-2.16.1+2018.11.01/noao/imred/ccdred/src/ccdred.h
Examining data/iraf-2.16.1+2018.11.01/noao/imred/ccdred/src/ccdtypes.h
Examining data/iraf-2.16.1+2018.11.01/noao/imred/ccdred/src/combine/icmask.h
Examining data/iraf-2.16.1+2018.11.01/noao/imred/ccdred/src/combine/icombine.h
Examining data/iraf-2.16.1+2018.11.01/noao/imred/ccdred/src/cosmic/crlist.h
Examining data/iraf-2.16.1+2018.11.01/noao/imred/ccdred/src/generic/ccdred.h
Examining data/iraf-2.16.1+2018.11.01/noao/imred/ccdred/src/icmask.h
Examining data/iraf-2.16.1+2018.11.01/noao/imred/ccdred/src/icombine.h
Examining data/iraf-2.16.1+2018.11.01/noao/imred/crutil/src/crlist.h
Examining data/iraf-2.16.1+2018.11.01/noao/imred/dtoi/hdicfit/hdicfit.h
Examining data/iraf-2.16.1+2018.11.01/noao/imred/quadred/src/ccdproc/ccdcache.h
Examining data/iraf-2.16.1+2018.11.01/noao/imred/quadred/src/ccdproc/ccdred.h
Examining data/iraf-2.16.1+2018.11.01/noao/imred/quadred/src/ccdproc/ccdtypes.h
Examining data/iraf-2.16.1+2018.11.01/noao/imred/quadred/src/ccdproc/generic/ccdred.h
Examining data/iraf-2.16.1+2018.11.01/noao/imred/quadred/src/quad/ccdtypes.h
Examining data/iraf-2.16.1+2018.11.01/noao/imred/quadred/src/quad/quadgeom.h
Examining data/iraf-2.16.1+2018.11.01/noao/lib/funits.h
Examining data/iraf-2.16.1+2018.11.01/noao/lib/smw.h
Examining data/iraf-2.16.1+2018.11.01/noao/lib/units.h
Examining data/iraf-2.16.1+2018.11.01/noao/mtlocal/camera/rcamera.h
Examining data/iraf-2.16.1+2018.11.01/noao/mtlocal/cyber/cyber.h
Examining data/iraf-2.16.1+2018.11.01/noao/mtlocal/cyber/rrcopy/rrcopy.h
Examining data/iraf-2.16.1+2018.11.01/noao/mtlocal/idsmtn/idsmtn.h
Examining data/iraf-2.16.1+2018.11.01/noao/mtlocal/pds/rpds.h
Examining data/iraf-2.16.1+2018.11.01/noao/mtlocal/r2df/r2df.h
Examining data/iraf-2.16.1+2018.11.01/noao/nproto/ace/ace.h
Examining data/iraf-2.16.1+2018.11.01/noao/nproto/ace/acedetect.h
Examining data/iraf-2.16.1+2018.11.01/noao/nproto/ace/acesky.h
Examining data/iraf-2.16.1+2018.11.01/noao/nproto/ace/cat.h
Examining data/iraf-2.16.1+2018.11.01/noao/nproto/ace/detect.h
Examining data/iraf-2.16.1+2018.11.01/noao/nproto/ace/display.h
Examining data/iraf-2.16.1+2018.11.01/noao/nproto/ace/evaluate.h
Examining data/iraf-2.16.1+2018.11.01/noao/nproto/ace/filter.h
Examining data/iraf-2.16.1+2018.11.01/noao/nproto/ace/grow.h
Examining data/iraf-2.16.1+2018.11.01/noao/nproto/ace/gwindow.h
Examining data/iraf-2.16.1+2018.11.01/noao/nproto/ace/objs.h
Examining data/iraf-2.16.1+2018.11.01/noao/nproto/ace/sky.h
Examining data/iraf-2.16.1+2018.11.01/noao/nproto/ace/skyblock.h
Examining data/iraf-2.16.1+2018.11.01/noao/nproto/ace/skyfit.h
Examining data/iraf-2.16.1+2018.11.01/noao/nproto/ace/split.h
Examining data/iraf-2.16.1+2018.11.01/noao/nproto/ir/iralign.h
Examining data/iraf-2.16.1+2018.11.01/noao/nproto/slitpic.h
Examining data/iraf-2.16.1+2018.11.01/noao/obsutil/src/specfocus/specfocus.h
Examining data/iraf-2.16.1+2018.11.01/noao/obsutil/src/sptime/sptime.h
Examining data/iraf-2.16.1+2018.11.01/noao/obsutil/src/starfocus/starfocus.h
Examining data/iraf-2.16.1+2018.11.01/noao/onedspec/dispcor/dctable.h
Examining data/iraf-2.16.1+2018.11.01/noao/onedspec/dispcor/dispcor.h
Examining data/iraf-2.16.1+2018.11.01/noao/onedspec/dispcor/refspectra.h
Examining data/iraf-2.16.1+2018.11.01/noao/onedspec/ecidentify/ecffit/ecffit.h
Examining data/iraf-2.16.1+2018.11.01/noao/onedspec/ecidentify/ecidentify.h
Examining data/iraf-2.16.1+2018.11.01/noao/onedspec/identify/autoid/autoid.h
Examining data/iraf-2.16.1+2018.11.01/noao/onedspec/identify/identify.h
Examining data/iraf-2.16.1+2018.11.01/noao/onedspec/irsiids/idsmtn.h
Examining data/iraf-2.16.1+2018.11.01/noao/onedspec/odcombine/src/icmask.h
Examining data/iraf-2.16.1+2018.11.01/noao/onedspec/odcombine/src/icombine.h
Examining data/iraf-2.16.1+2018.11.01/noao/onedspec/odcombine/srcwt/icmask.h
Examining data/iraf-2.16.1+2018.11.01/noao/onedspec/odcombine/srcwt/icombine.h
Examining data/iraf-2.16.1+2018.11.01/noao/onedspec/scombine/icombine.h
Examining data/iraf-2.16.1+2018.11.01/noao/onedspec/sensfunc/sensfunc.h
Examining data/iraf-2.16.1+2018.11.01/noao/onedspec/specplot.h
Examining data/iraf-2.16.1+2018.11.01/noao/rv/rvcomdef.h
Examining data/iraf-2.16.1+2018.11.01/noao/rv/rvcont.h
Examining data/iraf-2.16.1+2018.11.01/noao/rv/rvfilter.h
Examining data/iraf-2.16.1+2018.11.01/noao/rv/rvflags.h
Examining data/iraf-2.16.1+2018.11.01/noao/rv/rvidlines/identify.h
Examining data/iraf-2.16.1+2018.11.01/noao/rv/rvkeywords.h
Examining data/iraf-2.16.1+2018.11.01/noao/rv/rvpackage.h
Examining data/iraf-2.16.1+2018.11.01/noao/rv/rvplots.h
Examining data/iraf-2.16.1+2018.11.01/noao/rv/rvsample.h
Examining data/iraf-2.16.1+2018.11.01/noao/twodspec/apextract/apertures.h
Examining data/iraf-2.16.1+2018.11.01/noao/twodspec/apextract/apparams.h
Examining data/iraf-2.16.1+2018.11.01/noao/twodspec/longslit/lscombine/src/icmask.h
Examining data/iraf-2.16.1+2018.11.01/noao/twodspec/longslit/lscombine/src/icombine.h
Examining data/iraf-2.16.1+2018.11.01/noao/twodspec/multispec/dbio/dbio.h
Examining data/iraf-2.16.1+2018.11.01/noao/twodspec/multispec/ms.h
Examining data/iraf-2.16.1+2018.11.01/pkg/cl/binop.c
Examining data/iraf-2.16.1+2018.11.01/pkg/cl/bkg.c
Examining data/iraf-2.16.1+2018.11.01/pkg/cl/builtin.c
Examining data/iraf-2.16.1+2018.11.01/pkg/cl/clmodes.h
Examining data/iraf-2.16.1+2018.11.01/pkg/cl/clprintf.c
Examining data/iraf-2.16.1+2018.11.01/pkg/cl/clsystem.c
Examining data/iraf-2.16.1+2018.11.01/pkg/cl/compile.c
Examining data/iraf-2.16.1+2018.11.01/pkg/cl/config.h
Examining data/iraf-2.16.1+2018.11.01/pkg/cl/construct.h
Examining data/iraf-2.16.1+2018.11.01/pkg/cl/debug.c
Examining data/iraf-2.16.1+2018.11.01/pkg/cl/decl.c
Examining data/iraf-2.16.1+2018.11.01/pkg/cl/edcap.c
Examining data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c
Examining data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.h
Examining data/iraf-2.16.1+2018.11.01/pkg/cl/errs.c
Examining data/iraf-2.16.1+2018.11.01/pkg/cl/errs.h
Examining data/iraf-2.16.1+2018.11.01/pkg/cl/exec.c
Examining data/iraf-2.16.1+2018.11.01/pkg/cl/globals.c
Examining data/iraf-2.16.1+2018.11.01/pkg/cl/gquery.c
Examining data/iraf-2.16.1+2018.11.01/pkg/cl/gram.c
Examining data/iraf-2.16.1+2018.11.01/pkg/cl/grammar.h
Examining data/iraf-2.16.1+2018.11.01/pkg/cl/history.c
Examining data/iraf-2.16.1+2018.11.01/pkg/cl/lexicon.c
Examining data/iraf-2.16.1+2018.11.01/pkg/cl/lexyy.c
Examining data/iraf-2.16.1+2018.11.01/pkg/cl/lists.c
Examining data/iraf-2.16.1+2018.11.01/pkg/cl/mem.h
Examining data/iraf-2.16.1+2018.11.01/pkg/cl/modes.c
Examining data/iraf-2.16.1+2018.11.01/pkg/cl/opcodes.c
Examining data/iraf-2.16.1+2018.11.01/pkg/cl/opcodes.h
Examining data/iraf-2.16.1+2018.11.01/pkg/cl/operand.c
Examining data/iraf-2.16.1+2018.11.01/pkg/cl/operand.h
Examining data/iraf-2.16.1+2018.11.01/pkg/cl/param.c
Examining data/iraf-2.16.1+2018.11.01/pkg/cl/param.h
Examining data/iraf-2.16.1+2018.11.01/pkg/cl/pfiles.c
Examining data/iraf-2.16.1+2018.11.01/pkg/cl/prcache.c
Examining data/iraf-2.16.1+2018.11.01/pkg/cl/proto.h
Examining data/iraf-2.16.1+2018.11.01/pkg/cl/scan.c
Examining data/iraf-2.16.1+2018.11.01/pkg/cl/stack.c
Examining data/iraf-2.16.1+2018.11.01/pkg/cl/task.c
Examining data/iraf-2.16.1+2018.11.01/pkg/cl/task.h
Examining data/iraf-2.16.1+2018.11.01/pkg/cl/unop.c
Examining data/iraf-2.16.1+2018.11.01/pkg/cl/ytab.c
Examining data/iraf-2.16.1+2018.11.01/pkg/cl/ytab.h
Examining data/iraf-2.16.1+2018.11.01/pkg/cl/main.c
Examining data/iraf-2.16.1+2018.11.01/pkg/dataio/export/exbltins.h
Examining data/iraf-2.16.1+2018.11.01/pkg/dataio/export/exfcn.h
Examining data/iraf-2.16.1+2018.11.01/pkg/dataio/export/export.h
Examining data/iraf-2.16.1+2018.11.01/pkg/dataio/fits/rfits.h
Examining data/iraf-2.16.1+2018.11.01/pkg/dataio/fits/wfits.h
Examining data/iraf-2.16.1+2018.11.01/pkg/dataio/import/import.h
Examining data/iraf-2.16.1+2018.11.01/pkg/dataio/import/ipfcn.h
Examining data/iraf-2.16.1+2018.11.01/pkg/dataio/imtext/imtext.h
Examining data/iraf-2.16.1+2018.11.01/pkg/dataio/reblock/reblock.h
Examining data/iraf-2.16.1+2018.11.01/pkg/ecl/binop.c
Examining data/iraf-2.16.1+2018.11.01/pkg/ecl/bkg.c
Examining data/iraf-2.16.1+2018.11.01/pkg/ecl/builtin.c
Examining data/iraf-2.16.1+2018.11.01/pkg/ecl/clmodes.h
Examining data/iraf-2.16.1+2018.11.01/pkg/ecl/clprintf.c
Examining data/iraf-2.16.1+2018.11.01/pkg/ecl/clsystem.c
Examining data/iraf-2.16.1+2018.11.01/pkg/ecl/compile.c
Examining data/iraf-2.16.1+2018.11.01/pkg/ecl/config.h
Examining data/iraf-2.16.1+2018.11.01/pkg/ecl/construct.h
Examining data/iraf-2.16.1+2018.11.01/pkg/ecl/debug.c
Examining data/iraf-2.16.1+2018.11.01/pkg/ecl/decl.c
Examining data/iraf-2.16.1+2018.11.01/pkg/ecl/edcap.c
Examining data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c
Examining data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.h
Examining data/iraf-2.16.1+2018.11.01/pkg/ecl/errs.c
Examining data/iraf-2.16.1+2018.11.01/pkg/ecl/errs.h
Examining data/iraf-2.16.1+2018.11.01/pkg/ecl/exec.c
Examining data/iraf-2.16.1+2018.11.01/pkg/ecl/globals.c
Examining data/iraf-2.16.1+2018.11.01/pkg/ecl/gquery.c
Examining data/iraf-2.16.1+2018.11.01/pkg/ecl/gram.c
Examining data/iraf-2.16.1+2018.11.01/pkg/ecl/grammar.h
Examining data/iraf-2.16.1+2018.11.01/pkg/ecl/history.c
Examining data/iraf-2.16.1+2018.11.01/pkg/ecl/lexicon.c
Examining data/iraf-2.16.1+2018.11.01/pkg/ecl/lexyy.c
Examining data/iraf-2.16.1+2018.11.01/pkg/ecl/lists.c
Examining data/iraf-2.16.1+2018.11.01/pkg/ecl/mem.h
Examining data/iraf-2.16.1+2018.11.01/pkg/ecl/modes.c
Examining data/iraf-2.16.1+2018.11.01/pkg/ecl/opcodes.c
Examining data/iraf-2.16.1+2018.11.01/pkg/ecl/opcodes.h
Examining data/iraf-2.16.1+2018.11.01/pkg/ecl/operand.c
Examining data/iraf-2.16.1+2018.11.01/pkg/ecl/operand.h
Examining data/iraf-2.16.1+2018.11.01/pkg/ecl/param.c
Examining data/iraf-2.16.1+2018.11.01/pkg/ecl/param.h
Examining data/iraf-2.16.1+2018.11.01/pkg/ecl/pfiles.c
Examining data/iraf-2.16.1+2018.11.01/pkg/ecl/prcache.c
Examining data/iraf-2.16.1+2018.11.01/pkg/ecl/proto.h
Examining data/iraf-2.16.1+2018.11.01/pkg/ecl/scan.c
Examining data/iraf-2.16.1+2018.11.01/pkg/ecl/stack.c
Examining data/iraf-2.16.1+2018.11.01/pkg/ecl/task.c
Examining data/iraf-2.16.1+2018.11.01/pkg/ecl/task.h
Examining data/iraf-2.16.1+2018.11.01/pkg/ecl/unop.c
Examining data/iraf-2.16.1+2018.11.01/pkg/ecl/ytab.c
Examining data/iraf-2.16.1+2018.11.01/pkg/ecl/ytab.h
Examining data/iraf-2.16.1+2018.11.01/pkg/ecl/main.c
Examining data/iraf-2.16.1+2018.11.01/pkg/images/imcoords/src/starfind.h
Examining data/iraf-2.16.1+2018.11.01/pkg/images/imfilter/src/fmedian.h
Examining data/iraf-2.16.1+2018.11.01/pkg/images/imfilter/src/fmode.h
Examining data/iraf-2.16.1+2018.11.01/pkg/images/imfilter/src/frmedian.h
Examining data/iraf-2.16.1+2018.11.01/pkg/images/imfilter/src/frmode.h
Examining data/iraf-2.16.1+2018.11.01/pkg/images/imfilter/src/median.h
Examining data/iraf-2.16.1+2018.11.01/pkg/images/imfilter/src/mode.h
Examining data/iraf-2.16.1+2018.11.01/pkg/images/imfilter/src/rmedian.h
Examining data/iraf-2.16.1+2018.11.01/pkg/images/imfilter/src/rmode.h
Examining data/iraf-2.16.1+2018.11.01/pkg/images/imfit/src/imsurfit.h
Examining data/iraf-2.16.1+2018.11.01/pkg/images/imfit/src/pixlist.h
Examining data/iraf-2.16.1+2018.11.01/pkg/images/immatch/src/geometry/geotran.h
Examining data/iraf-2.16.1+2018.11.01/pkg/images/immatch/src/imcombine/src/icmask.h
Examining data/iraf-2.16.1+2018.11.01/pkg/images/immatch/src/imcombine/src/icombine.h
Examining data/iraf-2.16.1+2018.11.01/pkg/images/immatch/src/linmatch/linmatch.h
Examining data/iraf-2.16.1+2018.11.01/pkg/images/immatch/src/linmatch/lsqfit.h
Examining data/iraf-2.16.1+2018.11.01/pkg/images/immatch/src/psfmatch/psfmatch.h
Examining data/iraf-2.16.1+2018.11.01/pkg/images/immatch/src/wcsmatch/wcsxymatch.h
Examining data/iraf-2.16.1+2018.11.01/pkg/images/immatch/src/xregister/xregister.h
Examining data/iraf-2.16.1+2018.11.01/pkg/images/imutil/src/gettok.h
Examining data/iraf-2.16.1+2018.11.01/pkg/images/imutil/src/imstat.h
Examining data/iraf-2.16.1+2018.11.01/pkg/images/imutil/src/imsum.h
Examining data/iraf-2.16.1+2018.11.01/pkg/images/imutil/src/imtile.h
Examining data/iraf-2.16.1+2018.11.01/pkg/images/lib/geogmap.h
Examining data/iraf-2.16.1+2018.11.01/pkg/images/lib/geomap.h
Examining data/iraf-2.16.1+2018.11.01/pkg/images/lib/xyxymatch.h
Examining data/iraf-2.16.1+2018.11.01/pkg/images/tv/display/ace.h
Examining data/iraf-2.16.1+2018.11.01/pkg/images/tv/display/display.h
Examining data/iraf-2.16.1+2018.11.01/pkg/images/tv/display/gwindow.h
Examining data/iraf-2.16.1+2018.11.01/pkg/images/tv/display/iis.h
Examining data/iraf-2.16.1+2018.11.01/pkg/images/tv/display/zdisplay.h
Examining data/iraf-2.16.1+2018.11.01/pkg/images/tv/iis/ids/font.h
Examining data/iraf-2.16.1+2018.11.01/pkg/images/tv/iis/iism70/iis.h
Examining data/iraf-2.16.1+2018.11.01/pkg/images/tv/iis/lib/ids.h
Examining data/iraf-2.16.1+2018.11.01/pkg/images/tv/iis/src/cv.h
Examining data/iraf-2.16.1+2018.11.01/pkg/images/tv/iis/src/gwindow.h
Examining data/iraf-2.16.1+2018.11.01/pkg/images/tv/imedit/epix.h
Examining data/iraf-2.16.1+2018.11.01/pkg/images/tv/imexamine/imexam.h
Examining data/iraf-2.16.1+2018.11.01/pkg/images/tv/imexamine/starfocus.h
Examining data/iraf-2.16.1+2018.11.01/pkg/images/tv/tvmark/tvmark.h
Examining data/iraf-2.16.1+2018.11.01/pkg/images/tv/wcslab/wcs_desc.h
Examining data/iraf-2.16.1+2018.11.01/pkg/images/tv/wcslab/wcslab.h
Examining data/iraf-2.16.1+2018.11.01/pkg/obsolete/fits/rfits.h
Examining data/iraf-2.16.1+2018.11.01/pkg/obsolete/fits/wfits.h
Examining data/iraf-2.16.1+2018.11.01/pkg/obsolete/imcombine/icombine.h
Examining data/iraf-2.16.1+2018.11.01/pkg/obsolete/oimstat.h
Examining data/iraf-2.16.1+2018.11.01/pkg/plot/crtpict/crtpict.h
Examining data/iraf-2.16.1+2018.11.01/pkg/plot/crtpict/wdes.h
Examining data/iraf-2.16.1+2018.11.01/pkg/proto/maskexpr/gettok.h
Examining data/iraf-2.16.1+2018.11.01/pkg/proto/maskexpr/peregfuncs.h
Examining data/iraf-2.16.1+2018.11.01/pkg/proto/masks/mimstat.h
Examining data/iraf-2.16.1+2018.11.01/pkg/proto/masks/rskysub.h
Examining data/iraf-2.16.1+2018.11.01/pkg/proto/vol/src/i2sun/i2sun.h
Examining data/iraf-2.16.1+2018.11.01/pkg/proto/vol/src/pvol.h
Examining data/iraf-2.16.1+2018.11.01/pkg/softools/mkapropos/help.h
Examining data/iraf-2.16.1+2018.11.01/pkg/softools/mkapropos/helpdir.h
Examining data/iraf-2.16.1+2018.11.01/pkg/system/help/help.h
Examining data/iraf-2.16.1+2018.11.01/pkg/system/help/helpdir.h
Examining data/iraf-2.16.1+2018.11.01/pkg/system/help/lroff/lroff.h
Examining data/iraf-2.16.1+2018.11.01/pkg/system/help/xhelp/xhelp.h
Examining data/iraf-2.16.1+2018.11.01/pkg/tbtables/fitsio/fitssppb/fitsio.h
Examining data/iraf-2.16.1+2018.11.01/pkg/tbtables/fitsio_spp.h
Examining data/iraf-2.16.1+2018.11.01/pkg/tbtables/selector/tcs.h
Examining data/iraf-2.16.1+2018.11.01/pkg/tbtables/selector/trs.h
Examining data/iraf-2.16.1+2018.11.01/pkg/tbtables/selector/whatfile.h
Examining data/iraf-2.16.1+2018.11.01/pkg/tbtables/tbfxff.c
Examining data/iraf-2.16.1+2018.11.01/pkg/tbtables/tblerr.h
Examining data/iraf-2.16.1+2018.11.01/pkg/tbtables/tblfits.h
Examining data/iraf-2.16.1+2018.11.01/pkg/tbtables/tbltext.h
Examining data/iraf-2.16.1+2018.11.01/pkg/tbtables/tbtables.h
Examining data/iraf-2.16.1+2018.11.01/pkg/tbtables/underscore.h
Examining data/iraf-2.16.1+2018.11.01/pkg/utilities/curfit.h
Examining data/iraf-2.16.1+2018.11.01/pkg/utilities/nttools/copyone/filetype.h
Examining data/iraf-2.16.1+2018.11.01/pkg/utilities/nttools/imtab/imtab.h
Examining data/iraf-2.16.1+2018.11.01/pkg/utilities/nttools/keyselect/keyselect.h
Examining data/iraf-2.16.1+2018.11.01/pkg/utilities/nttools/lib/reloperr.h
Examining data/iraf-2.16.1+2018.11.01/pkg/utilities/nttools/stxtools/cif.h
Examining data/iraf-2.16.1+2018.11.01/pkg/utilities/nttools/stxtools/od/od.h
Examining data/iraf-2.16.1+2018.11.01/pkg/utilities/nttools/stxtools/sbuf.h
Examining data/iraf-2.16.1+2018.11.01/pkg/utilities/nttools/stxtools/template.h
Examining data/iraf-2.16.1+2018.11.01/pkg/utilities/nttools/stxtools/vex.h
Examining data/iraf-2.16.1+2018.11.01/pkg/utilities/nttools/stxtools/wcslab/psiescape.h
Examining data/iraf-2.16.1+2018.11.01/pkg/utilities/nttools/stxtools/wcslab/wcs_desc.h
Examining data/iraf-2.16.1+2018.11.01/pkg/utilities/nttools/stxtools/wcslab/wcslab.h
Examining data/iraf-2.16.1+2018.11.01/pkg/utilities/nttools/tcheck/tcheck.h
Examining data/iraf-2.16.1+2018.11.01/pkg/utilities/nttools/tedit/command.h
Examining data/iraf-2.16.1+2018.11.01/pkg/utilities/nttools/tedit/display/curses.h
Examining data/iraf-2.16.1+2018.11.01/pkg/utilities/nttools/tedit/display/curses/window.h
Examining data/iraf-2.16.1+2018.11.01/pkg/utilities/nttools/tedit/display/forms/formfn.h
Examining data/iraf-2.16.1+2018.11.01/pkg/utilities/nttools/tedit/display/forms/linefn.h
Examining data/iraf-2.16.1+2018.11.01/pkg/utilities/nttools/tedit/display/forms/promptfn.h
Examining data/iraf-2.16.1+2018.11.01/pkg/utilities/nttools/tedit/field.h
Examining data/iraf-2.16.1+2018.11.01/pkg/utilities/nttools/tedit/paste.h
Examining data/iraf-2.16.1+2018.11.01/pkg/utilities/nttools/tedit/screen.h
Examining data/iraf-2.16.1+2018.11.01/pkg/utilities/nttools/tedit/table.h
Examining data/iraf-2.16.1+2018.11.01/pkg/utilities/nttools/texpand/lexoper.h
Examining data/iraf-2.16.1+2018.11.01/pkg/utilities/nttools/threed/tblerr.h
Examining data/iraf-2.16.1+2018.11.01/pkg/utilities/nttools/threed/tbtables.h
Examining data/iraf-2.16.1+2018.11.01/pkg/utilities/nttools/threed/tiimage/tiimage.h
Examining data/iraf-2.16.1+2018.11.01/pkg/utilities/nttools/tjoin/tjoin.h
Examining data/iraf-2.16.1+2018.11.01/pkg/utilities/nttools/tprint/tprint.h
Examining data/iraf-2.16.1+2018.11.01/pkg/utilities/nttools/trebin/trebin.h
Examining data/iraf-2.16.1+2018.11.01/pkg/utilities/nttools/tstat/thistogram.h
Examining data/iraf-2.16.1+2018.11.01/pkg/utilities/nttools/tunits/tunits.h
Examining data/iraf-2.16.1+2018.11.01/pkg/utilities/nttools/tupar/tupar.h
Examining data/iraf-2.16.1+2018.11.01/pkg/xtools/catquery/cq.h
Examining data/iraf-2.16.1+2018.11.01/pkg/xtools/catquery/cqdef.h
Examining data/iraf-2.16.1+2018.11.01/pkg/xtools/center1d.h
Examining data/iraf-2.16.1+2018.11.01/pkg/xtools/cogetr.h
Examining data/iraf-2.16.1+2018.11.01/pkg/xtools/fixpix/xtfixpix.h
Examining data/iraf-2.16.1+2018.11.01/pkg/xtools/gammln.c
Examining data/iraf-2.16.1+2018.11.01/pkg/xtools/gtools/gtools.h
Examining data/iraf-2.16.1+2018.11.01/pkg/xtools/icfit/icfit.h
Examining data/iraf-2.16.1+2018.11.01/pkg/xtools/icfit/names.h
Examining data/iraf-2.16.1+2018.11.01/pkg/xtools/inlfit/inlfitdef.h
Examining data/iraf-2.16.1+2018.11.01/pkg/xtools/skywcs/skywcs.h
Examining data/iraf-2.16.1+2018.11.01/pkg/xtools/skywcs/skywcsdef.h
Examining data/iraf-2.16.1+2018.11.01/pkg/xtools/xtanswer.h
Examining data/iraf-2.16.1+2018.11.01/sys/clio/clpset.h
Examining data/iraf-2.16.1+2018.11.01/sys/etc/environ.h
Examining data/iraf-2.16.1+2018.11.01/sys/fmio/fmio.h
Examining data/iraf-2.16.1+2018.11.01/sys/fmio/fmlfstat.h
Examining data/iraf-2.16.1+2018.11.01/sys/fmio/fmset.h
Examining data/iraf-2.16.1+2018.11.01/sys/gio/calcomp/ccp.h
Examining data/iraf-2.16.1+2018.11.01/sys/gio/calcomp/font.h
Examining data/iraf-2.16.1+2018.11.01/sys/gio/cursor/grc.h
Examining data/iraf-2.16.1+2018.11.01/sys/gio/cursor/gtr.h
Examining data/iraf-2.16.1+2018.11.01/sys/gio/fonts/mkfont.c
Examining data/iraf-2.16.1+2018.11.01/sys/gio/gks/gks.h
Examining data/iraf-2.16.1+2018.11.01/sys/gio/glabax/glabax.h
Examining data/iraf-2.16.1+2018.11.01/sys/gio/imdkern/font.h
Examining data/iraf-2.16.1+2018.11.01/sys/gio/imdkern/imd.h
Examining data/iraf-2.16.1+2018.11.01/sys/gio/nsppkern/font.h
Examining data/iraf-2.16.1+2018.11.01/sys/gio/nsppkern/gkt.h
Examining data/iraf-2.16.1+2018.11.01/sys/gio/sgikern/font.h
Examining data/iraf-2.16.1+2018.11.01/sys/gio/sgikern/sgi.h
Examining data/iraf-2.16.1+2018.11.01/sys/gio/sgikern/sgk.h
Examining data/iraf-2.16.1+2018.11.01/sys/gio/stdgraph/font.h
Examining data/iraf-2.16.1+2018.11.01/sys/gio/stdgraph/stdgraph.h
Examining data/iraf-2.16.1+2018.11.01/sys/gty/gty.h
Examining data/iraf-2.16.1+2018.11.01/sys/imfort/db/idb.h
Examining data/iraf-2.16.1+2018.11.01/sys/imfort/imfort.h
Examining data/iraf-2.16.1+2018.11.01/sys/imfort/imhv1.h
Examining data/iraf-2.16.1+2018.11.01/sys/imfort/imhv2.h
Examining data/iraf-2.16.1+2018.11.01/sys/imfort/oif.h
Examining data/iraf-2.16.1+2018.11.01/sys/imio/db/idb.h
Examining data/iraf-2.16.1+2018.11.01/sys/imio/dbc/idbc.h
Examining data/iraf-2.16.1+2018.11.01/sys/imio/iki/fxf/fxf.h
Examining data/iraf-2.16.1+2018.11.01/sys/imio/iki/iki.h
Examining data/iraf-2.16.1+2018.11.01/sys/imio/iki/oif/imhv1.h
Examining data/iraf-2.16.1+2018.11.01/sys/imio/iki/oif/imhv2.h
Examining data/iraf-2.16.1+2018.11.01/sys/imio/iki/oif/oif.h
Examining data/iraf-2.16.1+2018.11.01/sys/imio/iki/plf/plf.h
Examining data/iraf-2.16.1+2018.11.01/sys/imio/iki/qpf/qpf.h
Examining data/iraf-2.16.1+2018.11.01/sys/imio/iki/stf/stf.h
Examining data/iraf-2.16.1+2018.11.01/sys/imio/imt/fxf.h
Examining data/iraf-2.16.1+2018.11.01/sys/imio/imt/imx.h
Examining data/iraf-2.16.1+2018.11.01/sys/ki/ki.h
Examining data/iraf-2.16.1+2018.11.01/sys/ki/zzrdks.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/atof.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/atoi.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/atol.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/caccess.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/calloc.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/callocate.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/cclktime.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/cclose.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/ccnvdate.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/ccnvtime.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/cdelete.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/cenvget.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/cenvlist.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/cenvmark.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/cenvscan.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/cerract.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/cerrcode.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/cerrget.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/cerror.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/cfchdir.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/cfilbuf.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/cfinfo.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/cflsbuf.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/cflush.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/cfmapfn.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/cfmkdir.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/cfnextn.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/cfnldir.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/cfnroot.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/cfpath.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/cfredir.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/cfseti.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/cfstati.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/cgetpid.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/cgetuid.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/cgflush.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/cimaccess.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/cimdrcur.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/ckimapc.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/clexnum.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/cmktemp.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/cndopen.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/cnote.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/copen.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/coscmd.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/cpoll.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/cprcon.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/cprdet.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/cprintf.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/crcursor.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/crdukey.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/cread.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/crename.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/creopen.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/csalloc.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/cseek.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/csppstr.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/cstropen.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/cstrpak.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/cstrupk.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/ctsleep.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/cttset.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/cttycdes.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/cttyclear.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/cttyclln.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/cttyctrl.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/cttygetb.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/cttygeti.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/cttygetr.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/cttygets.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/cttygoto.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/cttyinit.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/cttyodes.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/cttyputl.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/cttyputs.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/cttyseti.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/cttyso.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/cttystati.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/ctype.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/cungetc.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/cungetl.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/cvfnbrk.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/cwmsec.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/cwrite.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/cxgmes.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/cxonerr.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/cxttysize.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/cxwhen.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/eprintf.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/fclose.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/fdopen.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/fflush.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/fgetc.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/fgets.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/fopen.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/fputc.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/fputs.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/fread.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/freadline.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/free.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/freopen.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/fseek.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/ftell.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/fwrite.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/gets.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/getw.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/index.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/isatty.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/libc_proto.h
Examining data/iraf-2.16.1+2018.11.01/sys/libc/malloc.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/mktemp.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/perror.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/printf.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/puts.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/putw.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/qsort.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/realloc.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/rewind.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/rindex.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/scanf.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/setbuf.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/spf.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/sprintf.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/stgio.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/strcat.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/strcmp.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/strcpy.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/strdup.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/strlen.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/strncat.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/strncmp.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/strncpy.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/system.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/ungetc.c
Examining data/iraf-2.16.1+2018.11.01/sys/libc/zztest.c
Examining data/iraf-2.16.1+2018.11.01/sys/memdbg/memlog.c
Examining data/iraf-2.16.1+2018.11.01/sys/memdbg/zrtadr.c
Examining data/iraf-2.16.1+2018.11.01/sys/memio/zzdebug.c
Examining data/iraf-2.16.1+2018.11.01/sys/mtio/mtio.h
Examining data/iraf-2.16.1+2018.11.01/sys/mwcs/imwcs.h
Examining data/iraf-2.16.1+2018.11.01/sys/mwcs/mwcs.h
Examining data/iraf-2.16.1+2018.11.01/sys/mwcs/mwsv.h
Examining data/iraf-2.16.1+2018.11.01/sys/osb/abs.c
Examining data/iraf-2.16.1+2018.11.01/sys/osb/achtbb.c
Examining data/iraf-2.16.1+2018.11.01/sys/osb/achtbc.c
Examining data/iraf-2.16.1+2018.11.01/sys/osb/achtbd.c
Examining data/iraf-2.16.1+2018.11.01/sys/osb/achtbi.c
Examining data/iraf-2.16.1+2018.11.01/sys/osb/achtbl.c
Examining data/iraf-2.16.1+2018.11.01/sys/osb/achtbr.c
Examining data/iraf-2.16.1+2018.11.01/sys/osb/achtbs.c
Examining data/iraf-2.16.1+2018.11.01/sys/osb/achtbu.c
Examining data/iraf-2.16.1+2018.11.01/sys/osb/achtbx.c
Examining data/iraf-2.16.1+2018.11.01/sys/osb/achtcb.c
Examining data/iraf-2.16.1+2018.11.01/sys/osb/achtcu.c
Examining data/iraf-2.16.1+2018.11.01/sys/osb/achtdb.c
Examining data/iraf-2.16.1+2018.11.01/sys/osb/achtdu.c
Examining data/iraf-2.16.1+2018.11.01/sys/osb/achtib.c
Examining data/iraf-2.16.1+2018.11.01/sys/osb/achtiu.c
Examining data/iraf-2.16.1+2018.11.01/sys/osb/achtlb.c
Examining data/iraf-2.16.1+2018.11.01/sys/osb/achtlu.c
Examining data/iraf-2.16.1+2018.11.01/sys/osb/achtrb.c
Examining data/iraf-2.16.1+2018.11.01/sys/osb/achtru.c
Examining data/iraf-2.16.1+2018.11.01/sys/osb/achtsb.c
Examining data/iraf-2.16.1+2018.11.01/sys/osb/achtsu.c
Examining data/iraf-2.16.1+2018.11.01/sys/osb/achtub.c
Examining data/iraf-2.16.1+2018.11.01/sys/osb/achtuc.c
Examining data/iraf-2.16.1+2018.11.01/sys/osb/achtud.c
Examining data/iraf-2.16.1+2018.11.01/sys/osb/achtui.c
Examining data/iraf-2.16.1+2018.11.01/sys/osb/achtul.c
Examining data/iraf-2.16.1+2018.11.01/sys/osb/achtur.c
Examining data/iraf-2.16.1+2018.11.01/sys/osb/achtus.c
Examining data/iraf-2.16.1+2018.11.01/sys/osb/achtuu.c
Examining data/iraf-2.16.1+2018.11.01/sys/osb/achtux.c
Examining data/iraf-2.16.1+2018.11.01/sys/osb/achtxb.c
Examining data/iraf-2.16.1+2018.11.01/sys/osb/achtxu.c
Examining data/iraf-2.16.1+2018.11.01/sys/osb/aclrb.c
Examining data/iraf-2.16.1+2018.11.01/sys/osb/and.c
Examining data/iraf-2.16.1+2018.11.01/sys/osb/bitfields.c
Examining data/iraf-2.16.1+2018.11.01/sys/osb/bswap2.c
Examining data/iraf-2.16.1+2018.11.01/sys/osb/bswap4.c
Examining data/iraf-2.16.1+2018.11.01/sys/osb/bswap8.c
Examining data/iraf-2.16.1+2018.11.01/sys/osb/bytmov.c
Examining data/iraf-2.16.1+2018.11.01/sys/osb/chrpak.c
Examining data/iraf-2.16.1+2018.11.01/sys/osb/chrupk.c
Examining data/iraf-2.16.1+2018.11.01/sys/osb/d1mach.c
Examining data/iraf-2.16.1+2018.11.01/sys/osb/i32to64.c
Examining data/iraf-2.16.1+2018.11.01/sys/osb/i64to32.c
Examining data/iraf-2.16.1+2018.11.01/sys/osb/iand32.c
Examining data/iraf-2.16.1+2018.11.01/sys/osb/imul32.c
Examining data/iraf-2.16.1+2018.11.01/sys/osb/ipak16.c
Examining data/iraf-2.16.1+2018.11.01/sys/osb/ipak32.c
Examining data/iraf-2.16.1+2018.11.01/sys/osb/iscl32.c
Examining data/iraf-2.16.1+2018.11.01/sys/osb/iscl64.c
Examining data/iraf-2.16.1+2018.11.01/sys/osb/iupk16.c
Examining data/iraf-2.16.1+2018.11.01/sys/osb/iupk32.c
Examining data/iraf-2.16.1+2018.11.01/sys/osb/not.c
Examining data/iraf-2.16.1+2018.11.01/sys/osb/or.c
Examining data/iraf-2.16.1+2018.11.01/sys/osb/r1mach.c
Examining data/iraf-2.16.1+2018.11.01/sys/osb/shift.c
Examining data/iraf-2.16.1+2018.11.01/sys/osb/strpak.c
Examining data/iraf-2.16.1+2018.11.01/sys/osb/strsum.c
Examining data/iraf-2.16.1+2018.11.01/sys/osb/strupk.c
Examining data/iraf-2.16.1+2018.11.01/sys/plio/plbox.h
Examining data/iraf-2.16.1+2018.11.01/sys/plio/plcircle.h
Examining data/iraf-2.16.1+2018.11.01/sys/plio/pllseg.h
Examining data/iraf-2.16.1+2018.11.01/sys/plio/plpolygon.h
Examining data/iraf-2.16.1+2018.11.01/sys/plio/plrseg.h
Examining data/iraf-2.16.1+2018.11.01/sys/pmio/mio.h
Examining data/iraf-2.16.1+2018.11.01/sys/psio/psio.h
Examining data/iraf-2.16.1+2018.11.01/sys/qpoe/qpex.h
Examining data/iraf-2.16.1+2018.11.01/sys/qpoe/qpio.h
Examining data/iraf-2.16.1+2018.11.01/sys/qpoe/qpoe.h
Examining data/iraf-2.16.1+2018.11.01/sys/symtab/symtab.h
Examining data/iraf-2.16.1+2018.11.01/sys/tty/tty.h
Examining data/iraf-2.16.1+2018.11.01/sys/vops/ak/aclrc.c
Examining data/iraf-2.16.1+2018.11.01/sys/vops/ak/aclrd.c
Examining data/iraf-2.16.1+2018.11.01/sys/vops/ak/aclri.c
Examining data/iraf-2.16.1+2018.11.01/sys/vops/ak/aclrl.c
Examining data/iraf-2.16.1+2018.11.01/sys/vops/ak/aclrr.c
Examining data/iraf-2.16.1+2018.11.01/sys/vops/ak/aclrs.c
Examining data/iraf-2.16.1+2018.11.01/sys/vops/lz/amovc.c
Examining data/iraf-2.16.1+2018.11.01/sys/vops/lz/amovd.c
Examining data/iraf-2.16.1+2018.11.01/sys/vops/lz/amovi.c
Examining data/iraf-2.16.1+2018.11.01/sys/vops/lz/amovl.c
Examining data/iraf-2.16.1+2018.11.01/sys/vops/lz/amovr.c
Examining data/iraf-2.16.1+2018.11.01/sys/vops/lz/amovs.c
Examining data/iraf-2.16.1+2018.11.01/unix/boot/bootProto.h
Examining data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/bootlib.h
Examining data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/bytmov.c
Examining data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/kproto32.h
Examining data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/kproto64.h
Examining data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/osaccess.c
Examining data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/osamovb.c
Examining data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/oschdir.c
Examining data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/osclose.c
Examining data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/oscmd.c
Examining data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/oscreatedir.c
Examining data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/oscrfile.c
Examining data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/osdelete.c
Examining data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/osdir.c
Examining data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/osfcopy.c
Examining data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/osfdate.c
Examining data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/osfiletype.c
Examining data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/osfn2vfn.c
Examining data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/osfpathname.c
Examining data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/osgetenv.c
Examining data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/osgetowner.c
Examining data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/osopen.c
Examining data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/osproto.h
Examining data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/osputenv.c
Examining data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/osread.c
Examining data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/ossetfmode.c
Examining data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/ossetowner.c
Examining data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/ossettime.c
Examining data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/osstrpak.c
Examining data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/osstrupk.c
Examining data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/ossubdir.c
Examining data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/ossymlink.c
Examining data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/ossysfile.c
Examining data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/ostime.c
Examining data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/oswrite.c
Examining data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/tape.c
Examining data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/vfn2osfn.c
Examining data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/envinit.c
Examining data/iraf-2.16.1+2018.11.01/unix/boot/generic/generic.c
Examining data/iraf-2.16.1+2018.11.01/unix/boot/generic/lexyy.c
Examining data/iraf-2.16.1+2018.11.01/unix/boot/generic/yywrap.c
Examining data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/char.c
Examining data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/extern.h
Examining data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/fdcache.c
Examining data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/fncache.c
Examining data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/host.c
Examining data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/main.c
Examining data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/mkpkg.h
Examining data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/pkg.c
Examining data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/scanlib.c
Examining data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/sflist.c
Examining data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c
Examining data/iraf-2.16.1+2018.11.01/unix/boot/rmbin/rmbin.c
Examining data/iraf-2.16.1+2018.11.01/unix/boot/rmfiles/rmfiles.c
Examining data/iraf-2.16.1+2018.11.01/unix/boot/rtar/rtar.c
Examining data/iraf-2.16.1+2018.11.01/unix/boot/spp/rpp/ratlibc/cant.c
Examining data/iraf-2.16.1+2018.11.01/unix/boot/spp/rpp/ratlibc/close.c
Examining data/iraf-2.16.1+2018.11.01/unix/boot/spp/rpp/ratlibc/endst.c
Examining data/iraf-2.16.1+2018.11.01/unix/boot/spp/rpp/ratlibc/getarg.c
Examining data/iraf-2.16.1+2018.11.01/unix/boot/spp/rpp/ratlibc/getlin.c
Examining data/iraf-2.16.1+2018.11.01/unix/boot/spp/rpp/ratlibc/initst.c
Examining data/iraf-2.16.1+2018.11.01/unix/boot/spp/rpp/ratlibc/open.c
Examining data/iraf-2.16.1+2018.11.01/unix/boot/spp/rpp/ratlibc/putch.c
Examining data/iraf-2.16.1+2018.11.01/unix/boot/spp/rpp/ratlibc/putlin.c
Examining data/iraf-2.16.1+2018.11.01/unix/boot/spp/rpp/ratlibc/r4tocstr.c
Examining data/iraf-2.16.1+2018.11.01/unix/boot/spp/rpp/ratlibc/ratdef.h
Examining data/iraf-2.16.1+2018.11.01/unix/boot/spp/rpp/ratlibc/remark.c
Examining data/iraf-2.16.1+2018.11.01/unix/boot/spp/rpp/rpp.c
Examining data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp.h
Examining data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/decl.c
Examining data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/lexyy.c
Examining data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/xpp.h
Examining data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/xppProto.h
Examining data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/xppmain.c
Examining data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/xppcode.c
Examining data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c
Examining data/iraf-2.16.1+2018.11.01/unix/boot/wtar/wtar.c
Examining data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/dextern.h
Examining data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y1.c
Examining data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y2.c
Examining data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y3.c
Examining data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y4.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/getopt.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/abort_.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/arith.h
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/arithchk.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/backspac.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/c_abs.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/c_cos.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/c_div.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/c_exp.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/c_log.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/c_sin.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/c_sqrt.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/cabs.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/close.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/ctype.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/ctype.h
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/d_abs.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/d_acos.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/d_asin.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/d_atan.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/d_atn2.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/d_cnjg.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/d_cos.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/d_cosh.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/d_dim.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/d_exp.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/d_imag.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/d_int.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/d_lg10.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/d_log.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/d_mod.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/d_nint.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/d_prod.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/d_sign.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/d_sin.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/d_sinh.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/d_sqrt.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/d_tan.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/d_tanh.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/derf_.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/derfc_.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/dfe.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/dolio.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/dtime_.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/due.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/ef1asc_.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/ef1cmc_.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/endfile.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/erf_.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/erfc_.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/err.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/etime_.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/exit_.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/f2c.h
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/f77_aloc.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/f77vers.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/fio.h
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/fmt.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/fmt.h
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/fmtlib.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/fp.h
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/ftell64_.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/ftell_.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/getarg_.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/getenv_.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/h_abs.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/h_dim.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/h_dnnt.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/h_indx.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/h_len.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/h_mod.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/h_nint.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/h_sign.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/hl_ge.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/hl_gt.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/hl_le.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/hl_lt.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/i77vers.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/i_abs.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/i_dim.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/i_dnnt.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/i_indx.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/i_len.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/i_mod.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/i_nint.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/i_sign.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/iargc_.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/iio.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/ilnw.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/inquire.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/l_ge.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/l_gt.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/l_le.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/l_lt.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/lbitbits.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/lbitshft.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/lio.h
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/lread.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/lwrite.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/main.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/open.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/pow_ci.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/pow_dd.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/pow_di.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/pow_hh.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/pow_ii.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/pow_qq.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/pow_ri.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/pow_zi.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/pow_zz.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/qbitbits.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/qbitshft.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/r_abs.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/r_acos.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/r_asin.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/r_atan.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/r_atn2.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/r_cnjg.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/r_cos.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/r_cosh.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/r_dim.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/r_exp.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/r_imag.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/r_int.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/r_lg10.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/r_log.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/r_mod.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/r_nint.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/r_sign.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/r_sin.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/r_sinh.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/r_sqrt.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/r_tan.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/r_tanh.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/rawio.h
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/rdfmt.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/rewind.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/rsfe.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/rsli.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/rsne.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/s_cat.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/s_cmp.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/s_copy.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/s_paus.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/s_rnge.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/s_stop.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/sfe.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/sig_die.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/signal1.h
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/signal_.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/signbit.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/sue.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/sysdep1.h
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/system_.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/typesize.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/uio.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/uninit.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/util.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/wref.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/wrtfmt.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/wsfe.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/wsle.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/wsne.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/xwsne.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/z_abs.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/z_cos.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/z_div.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/z_exp.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/z_log.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/z_sin.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/z_sqrt.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/src/cds.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/src/data.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/src/defines.h
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/src/defs.h
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/src/equiv.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/src/error.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/src/exec.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/src/expr.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/src/format.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/src/format.h
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/src/formatdata.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/src/ftypes.h
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/src/gram.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/src/init.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/src/intr.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/src/io.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/src/iob.h
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/src/lex.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/src/machdefs.h
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/src/main.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/src/malloc.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/src/mem.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/src/memset.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/src/misc.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/src/names.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/src/names.h
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/src/niceprintf.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/src/niceprintf.h
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/src/output.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/src/output.h
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/src/p1defs.h
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/src/p1output.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/src/parse.h
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/src/parse_args.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/src/pccdefs.h
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/src/pread.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/src/proc.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/src/put.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/src/putpcc.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/src/sysdep.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/src/sysdep.h
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/src/sysdeptest.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/src/tokdefs.h
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/src/usignal.h
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/src/vax.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/src/version.c
Examining data/iraf-2.16.1+2018.11.01/unix/f2c/src/xsum.c
Examining data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2gif.c
Examining data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2svg.c
Examining data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2uapl.c
Examining data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2ueps.c
Examining data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2uhpgl.c
Examining data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2uhplj.c
Examining data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2uimp.c
Examining data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2uptx.c
Examining data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2uqms.c
Examining data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2xbm.c
Examining data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgiUtil.c
Examining data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgiUtil.h
Examining data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgidispatch.c
Examining data/iraf-2.16.1+2018.11.01/unix/hlib/config.h
Examining data/iraf-2.16.1+2018.11.01/unix/hlib/iraf32.h
Examining data/iraf-2.16.1+2018.11.01/unix/hlib/iraf64.h
Examining data/iraf-2.16.1+2018.11.01/unix/hlib/knet.h
Examining data/iraf-2.16.1+2018.11.01/unix/hlib/libc/alloc.h
Examining data/iraf-2.16.1+2018.11.01/unix/hlib/libc/ctype.h
Examining data/iraf-2.16.1+2018.11.01/unix/hlib/libc/error.h
Examining data/iraf-2.16.1+2018.11.01/unix/hlib/libc/finfo.h
Examining data/iraf-2.16.1+2018.11.01/unix/hlib/libc/fpoll.h
Examining data/iraf-2.16.1+2018.11.01/unix/hlib/libc/fset.h
Examining data/iraf-2.16.1+2018.11.01/unix/hlib/libc/iraf.h
Examining data/iraf-2.16.1+2018.11.01/unix/hlib/libc/kernel.h
Examining data/iraf-2.16.1+2018.11.01/unix/hlib/libc/knames.h
Examining data/iraf-2.16.1+2018.11.01/unix/hlib/libc/kproto.h
Examining data/iraf-2.16.1+2018.11.01/unix/hlib/libc/lexnum.h
Examining data/iraf-2.16.1+2018.11.01/unix/hlib/libc/main.h
Examining data/iraf-2.16.1+2018.11.01/unix/hlib/libc/math.h
Examining data/iraf-2.16.1+2018.11.01/unix/hlib/libc/protect.h
Examining data/iraf-2.16.1+2018.11.01/unix/hlib/libc/prstat.h
Examining data/iraf-2.16.1+2018.11.01/unix/hlib/libc/prtype.h
Examining data/iraf-2.16.1+2018.11.01/unix/hlib/libc/setjmp.h
Examining data/iraf-2.16.1+2018.11.01/unix/hlib/libc/spp.h
Examining data/iraf-2.16.1+2018.11.01/unix/hlib/libc/stdarg-gcc.h
Examining data/iraf-2.16.1+2018.11.01/unix/hlib/libc/stdarg.h
Examining data/iraf-2.16.1+2018.11.01/unix/hlib/libc/stdio.h
Examining data/iraf-2.16.1+2018.11.01/unix/hlib/libc/ttset.h
Examining data/iraf-2.16.1+2018.11.01/unix/hlib/libc/vosproto.h
Examining data/iraf-2.16.1+2018.11.01/unix/hlib/libc/xnames.h
Examining data/iraf-2.16.1+2018.11.01/unix/hlib/libc/xwhen.h
Examining data/iraf-2.16.1+2018.11.01/unix/hlib/libc/zfstat.h
Examining data/iraf-2.16.1+2018.11.01/unix/hlib/libc/libc.h
Examining data/iraf-2.16.1+2018.11.01/unix/hlib/mach32.h
Examining data/iraf-2.16.1+2018.11.01/unix/hlib/mach64.h
Examining data/iraf-2.16.1+2018.11.01/unix/hlib/math.h
Examining data/iraf-2.16.1+2018.11.01/unix/hlib/swapbe.h
Examining data/iraf-2.16.1+2018.11.01/unix/hlib/swaple.h
Examining data/iraf-2.16.1+2018.11.01/unix/os/alloc.c
Examining data/iraf-2.16.1+2018.11.01/unix/os/dio.c
Examining data/iraf-2.16.1+2018.11.01/unix/os/getproc.c
Examining data/iraf-2.16.1+2018.11.01/unix/os/gmttolst.c
Examining data/iraf-2.16.1+2018.11.01/unix/os/net/accept.c
Examining data/iraf-2.16.1+2018.11.01/unix/os/net/connect.c
Examining data/iraf-2.16.1+2018.11.01/unix/os/net/ctype.h
Examining data/iraf-2.16.1+2018.11.01/unix/os/net/eprintf.c
Examining data/iraf-2.16.1+2018.11.01/unix/os/net/ghostbynm.c
Examining data/iraf-2.16.1+2018.11.01/unix/os/net/ghostent.c
Examining data/iraf-2.16.1+2018.11.01/unix/os/net/gsocknm.c
Examining data/iraf-2.16.1+2018.11.01/unix/os/net/hostdb.c
Examining data/iraf-2.16.1+2018.11.01/unix/os/net/htonl.c
Examining data/iraf-2.16.1+2018.11.01/unix/os/net/htons.c
Examining data/iraf-2.16.1+2018.11.01/unix/os/net/in.h
Examining data/iraf-2.16.1+2018.11.01/unix/os/net/inetaddr.c
Examining data/iraf-2.16.1+2018.11.01/unix/os/net/kutil.c
Examining data/iraf-2.16.1+2018.11.01/unix/os/net/listen.c
Examining data/iraf-2.16.1+2018.11.01/unix/os/net/netdb.h
Examining data/iraf-2.16.1+2018.11.01/unix/os/net/ntohl.c
Examining data/iraf-2.16.1+2018.11.01/unix/os/net/ntohs.c
Examining data/iraf-2.16.1+2018.11.01/unix/os/net/rexec.c
Examining data/iraf-2.16.1+2018.11.01/unix/os/net/socket.c
Examining data/iraf-2.16.1+2018.11.01/unix/os/net/socket.h
Examining data/iraf-2.16.1+2018.11.01/unix/os/net/tcpclose.c
Examining data/iraf-2.16.1+2018.11.01/unix/os/net/tcpread.c
Examining data/iraf-2.16.1+2018.11.01/unix/os/net/tcpwrite.c
Examining data/iraf-2.16.1+2018.11.01/unix/os/net/types.h
Examining data/iraf-2.16.1+2018.11.01/unix/os/net/zfioks.c
Examining data/iraf-2.16.1+2018.11.01/unix/os/prwait.c
Examining data/iraf-2.16.1+2018.11.01/unix/os/tape.c
Examining data/iraf-2.16.1+2018.11.01/unix/os/zalloc.c
Examining data/iraf-2.16.1+2018.11.01/unix/os/zawset.c
Examining data/iraf-2.16.1+2018.11.01/unix/os/zcall.c
Examining data/iraf-2.16.1+2018.11.01/unix/os/zdojmp.c
Examining data/iraf-2.16.1+2018.11.01/unix/os/zfacss.c
Examining data/iraf-2.16.1+2018.11.01/unix/os/zfaloc.c
Examining data/iraf-2.16.1+2018.11.01/unix/os/zfchdr.c
Examining data/iraf-2.16.1+2018.11.01/unix/os/zfdele.c
Examining data/iraf-2.16.1+2018.11.01/unix/os/zfgcwd.c
Examining data/iraf-2.16.1+2018.11.01/unix/os/zfinfo.c
Examining data/iraf-2.16.1+2018.11.01/unix/os/zfiobf.c
Examining data/iraf-2.16.1+2018.11.01/unix/os/zfioks.c
Examining data/iraf-2.16.1+2018.11.01/unix/os/zfiolp.c
Examining data/iraf-2.16.1+2018.11.01/unix/os/zfiomt.c
Examining data/iraf-2.16.1+2018.11.01/unix/os/zfiond.c
Examining data/iraf-2.16.1+2018.11.01/unix/os/zfiopl.c
Examining data/iraf-2.16.1+2018.11.01/unix/os/zfiopr.c
Examining data/iraf-2.16.1+2018.11.01/unix/os/zfiosf.c
Examining data/iraf-2.16.1+2018.11.01/unix/os/zfiotx.c
Examining data/iraf-2.16.1+2018.11.01/unix/os/zfioty.c
Examining data/iraf-2.16.1+2018.11.01/unix/os/zflink.c
Examining data/iraf-2.16.1+2018.11.01/unix/os/zfmkcp.c
Examining data/iraf-2.16.1+2018.11.01/unix/os/zfmkdr.c
Examining data/iraf-2.16.1+2018.11.01/unix/os/zfnbrk.c
Examining data/iraf-2.16.1+2018.11.01/unix/os/zfpath.c
Examining data/iraf-2.16.1+2018.11.01/unix/os/zfpoll.c
Examining data/iraf-2.16.1+2018.11.01/unix/os/zfprot.c
Examining data/iraf-2.16.1+2018.11.01/unix/os/zfrmdr.c
Examining data/iraf-2.16.1+2018.11.01/unix/os/zfrnam.c
Examining data/iraf-2.16.1+2018.11.01/unix/os/zfsubd.c
Examining data/iraf-2.16.1+2018.11.01/unix/os/zfunc.c
Examining data/iraf-2.16.1+2018.11.01/unix/os/zfutim.c
Examining data/iraf-2.16.1+2018.11.01/unix/os/zfxdir.c
Examining data/iraf-2.16.1+2018.11.01/unix/os/zgcmdl.c
Examining data/iraf-2.16.1+2018.11.01/unix/os/zghost.c
Examining data/iraf-2.16.1+2018.11.01/unix/os/zglobl.c
Examining data/iraf-2.16.1+2018.11.01/unix/os/zgmtco.c
Examining data/iraf-2.16.1+2018.11.01/unix/os/zgtpid.c
Examining data/iraf-2.16.1+2018.11.01/unix/os/zintpr.c
Examining data/iraf-2.16.1+2018.11.01/unix/os/zlocpr.c
Examining data/iraf-2.16.1+2018.11.01/unix/os/zlocva.c
Examining data/iraf-2.16.1+2018.11.01/unix/os/zmain.c
Examining data/iraf-2.16.1+2018.11.01/unix/os/zmaloc.c
Examining data/iraf-2.16.1+2018.11.01/unix/os/zmfree.c
Examining data/iraf-2.16.1+2018.11.01/unix/os/zopdir.c
Examining data/iraf-2.16.1+2018.11.01/unix/os/zopdpr.c
Examining data/iraf-2.16.1+2018.11.01/unix/os/zoscmd.c
Examining data/iraf-2.16.1+2018.11.01/unix/os/zpanic.c
Examining data/iraf-2.16.1+2018.11.01/unix/os/zraloc.c
Examining data/iraf-2.16.1+2018.11.01/unix/os/zshlib.c
Examining data/iraf-2.16.1+2018.11.01/unix/os/zttyio.c
Examining data/iraf-2.16.1+2018.11.01/unix/os/zwmsec.c
Examining data/iraf-2.16.1+2018.11.01/unix/os/zxwhen.c
Examining data/iraf-2.16.1+2018.11.01/unix/os/zzdbg.c
Examining data/iraf-2.16.1+2018.11.01/unix/os/zzepro.c
Examining data/iraf-2.16.1+2018.11.01/unix/os/zzexit.c
Examining data/iraf-2.16.1+2018.11.01/unix/os/zzpstr.c
Examining data/iraf-2.16.1+2018.11.01/unix/os/zzsetk.c
Examining data/iraf-2.16.1+2018.11.01/unix/os/zzstrt.c
Examining data/iraf-2.16.1+2018.11.01/unix/os/irafpath.c
Examining data/iraf-2.16.1+2018.11.01/unix/os/zgtenv.c
Examining data/iraf-2.16.1+2018.11.01/unix/os/zgtime.c
Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/buffers.c
Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c
Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfortran.h
Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/checksum.c
Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrfile.c
Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrmem.c
Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c
Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrsmem.c
Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrsmem.h
Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/editcol.c
Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/edithdu.c
Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_defs.h
Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_f.c
Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_l.c
Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_tab.h
Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_y.c
Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/f77_wrap.h
Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/f77_wrap1.c
Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/f77_wrap2.c
Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/f77_wrap3.c
Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/f77_wrap4.c
Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fits_hcompress.c
Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fits_hdecompress.c
Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c
Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitsio.h
Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitsio2.h
Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcol.c
Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcolb.c
Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcold.c
Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcole.c
Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcoli.c
Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcolj.c
Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcolk.c
Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcoll.c
Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcols.c
Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcolsb.c
Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcolui.c
Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcoluj.c
Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcoluk.c
Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c
Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c
Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.h
Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/grparser.c
Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/grparser.h
Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/histo.c
Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/imcompress.c
Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/iraffits.c
Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/longnam.h
Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c
Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/pliocomp.c
Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcol.c
Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcolb.c
Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcold.c
Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcole.c
Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcoli.c
Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcolj.c
Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcolk.c
Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcoll.c
Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcols.c
Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcolsb.c
Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcolu.c
Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcolui.c
Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcoluj.c
Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcoluk.c
Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c
Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/quantize.c
Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/region.c
Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/region.h
Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/ricecomp.c
Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/scalnull.c
Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/simplerng.c
Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/simplerng.h
Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/swapproc.c
Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/wcssub.c
Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/wcsutil.c
Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/zlib/adler32.c
Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/zlib/crc32.c
Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/zlib/crc32.h
Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/zlib/deflate.c
Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/zlib/deflate.h
Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/zlib/infback.c
Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/zlib/inffast.c
Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/zlib/inffast.h
Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/zlib/inffixed.h
Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/zlib/inflate.c
Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/zlib/inflate.h
Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/zlib/inftrees.c
Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/zlib/inftrees.h
Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/zlib/trees.c
Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/zlib/trees.h
Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/zlib/uncompr.c
Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/zlib/zcompress.c
Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/zlib/zconf.h
Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/zlib/zlib.h
Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/zlib/zuncompress.c
Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/zlib/zutil.c
Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/zlib/zutil.h
Examining data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/votcompress.c
Examining data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/votconcat.c
Examining data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/votcopy.c
Examining data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/votdump.c
Examining data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/votget.c
Examining data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/votinfo.c
Examining data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/votpos.c
Examining data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/votsplit.c
Examining data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/xx.c
Examining data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/zz.c
Examining data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/zztest.c
Examining data/iraf-2.16.1+2018.11.01/vendor/libvotable/votAttr.c
Examining data/iraf-2.16.1+2018.11.01/vendor/libvotable/votElement.c
Examining data/iraf-2.16.1+2018.11.01/vendor/libvotable/votExpatCB.c
Examining data/iraf-2.16.1+2018.11.01/vendor/libvotable/votHandle.c
Examining data/iraf-2.16.1+2018.11.01/vendor/libvotable/votParse.c
Examining data/iraf-2.16.1+2018.11.01/vendor/libvotable/votParse.h
Examining data/iraf-2.16.1+2018.11.01/vendor/libvotable/votParseP.h
Examining data/iraf-2.16.1+2018.11.01/vendor/libvotable/votParse_f77.c
Examining data/iraf-2.16.1+2018.11.01/vendor/libvotable/votParse_spp.c
Examining data/iraf-2.16.1+2018.11.01/vendor/libvotable/votParse_spp.h
Examining data/iraf-2.16.1+2018.11.01/vendor/libvotable/votStack.c

FINAL RESULTS:

data/iraf-2.16.1+2018.11.01/sys/libc/gets.c:14:1:  [5] (buffer) gets:
  Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
gets (
data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/ossetfmode.c:17:10:  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchmod( ) instead.
	return (chmod (vfn2osfn(fname,0), mode));
data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/ossetowner.c:20:10:  [5] (race) chown:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchown( ) instead.
	return (chown (vfn2osfn(fname,0), uid, gid));
data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/ossymlink.c:25:16:  [5] (race) readlink:
  This accepts filename arguments; if an attacker can move those files or
  change the link content, a race condition results. Also, it does not
  terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
		    if ((n = readlink (fname, valbuf, maxch)) > 0)
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:888:6:  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchmod( ) instead.
	    chmod (outfile, 0755);
data/iraf-2.16.1+2018.11.01/unix/hlib/libc/libc.h:77:9:  [5] (buffer) gets:
  Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
#define	gets		u_gets
data/iraf-2.16.1+2018.11.01/unix/hlib/libc/libc.h:144:17:  [5] (buffer) gets:
  Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
extern char    *gets (char *buf);
data/iraf-2.16.1+2018.11.01/unix/hlib/libc/stdio.h:97:7:  [5] (buffer) gets:
  Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
char	*gets();
data/iraf-2.16.1+2018.11.01/unix/os/alloc.c:150:10:  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchmod( ) instead.
	    if (chmod (fp->f_name, RWOWN) == -1)
data/iraf-2.16.1+2018.11.01/unix/os/alloc.c:152:10:  [5] (race) chown:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchown( ) instead.
	    if (chown (fp->f_name, ruid, rgid) == -1)
data/iraf-2.16.1+2018.11.01/unix/os/alloc.c:190:10:  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchmod( ) instead.
	    if (chmod (fp->f_name, RWALL) == -1)
data/iraf-2.16.1+2018.11.01/unix/os/alloc.c:192:10:  [5] (race) chown:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchown( ) instead.
	    if (chown (fp->f_name, 0, 0) == -1)
data/iraf-2.16.1+2018.11.01/unix/os/zfiotx.c:171:13:  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchmod( ) instead.
	    (void) chmod ((char *)osfn, newmode);
data/iraf-2.16.1+2018.11.01/unix/os/zfmkdr.c:39:10:  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchmod( ) instead.
	        chmod (osdir, _u_fmode(0777));
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:6826:3:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
	 strncat(infile, url, FLEN_FILENAME -1);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrfile.c:883:13:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
            strncat(file_outfile,outfile,FLEN_FILENAME-1);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrmem.c:297:9:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
        strncat(stdin_outfile,outfile,FLEN_FILENAME-1); /* an output file is specified */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/edithdu.c:571:7:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
      strncat(extnm, extnmx, FLEN_VALUE-1);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/edithdu.c:708:7:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
      strncat(extnm, extnmx, FLEN_VALUE-1);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_l.c:2410:3:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
	 strncat(errMsg, varName, MAXVARNAME);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_l.c:2425:3:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
	 strncat(errMsg, varName, MAXVARNAME);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:1047:5:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
    strncat(tmpname, keyname + nblank, FLEN_KEYWORD - 1);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:1103:8:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
      	strncat(tmpname2, tmpname, FLEN_KEYWORD - 1);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:1147:13:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
            strncat(card, tmpname, FLEN_KEYWORD - 1);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:504:5:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
    strncat(keyname, &name[ii], FLEN_KEYWORD - 1);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:1463:5:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
    strncat(keyroot, keyname, FLEN_KEYWORD - 1);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:1542:5:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
    strncat(keyroot, keyname, FLEN_KEYWORD - 1);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:1623:5:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
    strncat(keyroot, keyname, FLEN_KEYWORD - 1);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:1704:5:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
    strncat(keyroot, keyname, FLEN_KEYWORD - 1);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:1785:5:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
    strncat(keyroot, keyname, FLEN_KEYWORD - 1);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:1866:5:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
    strncat(keyroot, keyname, FLEN_KEYWORD - 1);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/iraffits.c:985:8:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
	(void)strncat (newpixname, &pixname[4], SZ_IM2PIXFILE);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/iraffits.c:1003:8:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
	(void)strncat (newpixname, pixname, SZ_IM2PIXFILE);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:2515:9:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
        strncat(extnm, extnmx, FLEN_VALUE-1);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:2636:9:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
        strncat(extnm, extnmx, FLEN_VALUE-1);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:2894:5:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
    strncat(xtension, xtensionx, FLEN_VALUE-1);
data/iraf-2.16.1+2018.11.01/lib/diropen.h:1:67:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
# DIROPEN.H -- Defined parameters for fio.diropen.  Two directory access modes
data/iraf-2.16.1+2018.11.01/lib/diropen.h:3:26:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
# used internally by the system).
data/iraf-2.16.1+2018.11.01/lib/error.h:7:38:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
define	EA_RESTART	-99		# used by the system
data/iraf-2.16.1+2018.11.01/lib/finfo.h:9:39:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
define	FI_ATIME	$1[3]		# time of last access
data/iraf-2.16.1+2018.11.01/lib/fio.h:26:37:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
define	FMODE		Memi[$1+1]		# mode of access
data/iraf-2.16.1+2018.11.01/lib/fio.h:109:40:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
# buffer size for efficient sequential access to the device.
data/iraf-2.16.1+2018.11.01/lib/fio.h:129:26:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
define	VFN_READ	1		# VFN access modes for VFNOPEN
data/iraf-2.16.1+2018.11.01/lib/fmset.h:4:34:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
define	FM_ACMODE		1	#RO datafile access mode
data/iraf-2.16.1+2018.11.01/lib/fset.h:2:36:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
# Some of these parameters provide access to the guts of the i/o system and
data/iraf-2.16.1+2018.11.01/lib/fset.h:2:66:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
# Some of these parameters provide access to the guts of the i/o system and
data/iraf-2.16.1+2018.11.01/lib/fset.h:7:40:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
define	F_ADVICE	1	#  advice on type of access (rand,seq,def)
data/iraf-2.16.1+2018.11.01/lib/fset.h:32:27:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
define	F_MODE		26	#r file access mode (ro,wo,rw)
data/iraf-2.16.1+2018.11.01/lib/fset.h:40:42:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
define	F_READ		34	#r does file have read access [y/n]
data/iraf-2.16.1+2018.11.01/lib/fset.h:47:44:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
define	F_WRITE		41	#r does file have write access [y/n]
data/iraf-2.16.1+2018.11.01/lib/gio.h:54:38:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
define	GP_ACMODE	Memi[$1+3]		# gopen access mode
data/iraf-2.16.1+2018.11.01/lib/gio.h:140:41:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
define	GL_TICKFORMAT	Memc[P2C($1+23)]	# printf format of ticks
data/iraf-2.16.1+2018.11.01/lib/imio.h:6:41:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
define	DEF_ADVICE		SEQUENTIAL	# type of access to optimize for
data/iraf-2.16.1+2018.11.01/lib/imio.h:31:32:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
define	IM_ACMODE	Memi[$1+2]		# access mode (ro, rw, etc.)
data/iraf-2.16.1+2018.11.01/lib/imio.h:34:50:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
define	IM_VADVICE	Memi[$1+5]		# expected type of access
data/iraf-2.16.1+2018.11.01/lib/imio.h:75:42:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
define	PL_ACMODE	mod($1,100B)		# extract access mode
data/iraf-2.16.1+2018.11.01/lib/mwset.h:4:22:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
define	MW_NDIM		1		# system logical dimension
data/iraf-2.16.1+2018.11.01/lib/mwset.h:8:34:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
define	MW_NPHYSDIM	5		# physical system dimension
data/iraf-2.16.1+2018.11.01/lib/nspp.h:1:38:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
# NSPP.H -- Definitions for the NCAR system plot package and metacode
data/iraf-2.16.1+2018.11.01/lib/pkg/cq.h:3:15:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
# The catalog access interface parameter definitions
data/iraf-2.16.1+2018.11.01/lib/pkg/cq.h:23:15:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
# The catalog access results parameter definitions
data/iraf-2.16.1+2018.11.01/lib/pkg/cq.h:46:15:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
# The surveys access results parameter definitions
data/iraf-2.16.1+2018.11.01/lib/plset.h:15:51:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
# Range list definitions.  For applications which access mask lines as range
data/iraf-2.16.1+2018.11.01/lib/qpset.h:33:32:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
define	QPOE_MODE		25	# poefile access mode
data/iraf-2.16.1+2018.11.01/lib/tbset.h:7:49:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
# Phil Hodge,  4-Nov-1993  Add TBL_LAST_ROW for access to number of rows. DEL
data/iraf-2.16.1+2018.11.01/lib/xwhen.h:3:29:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
define	X_ACV	    501		    # access violation
data/iraf-2.16.1+2018.11.01/noao/astcat/lib/astrom.h:20:50:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
#define	RCCC		107		# the field center coordinate system
data/iraf-2.16.1+2018.11.01/noao/astcat/lib/astrom.h:22:52:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
define	RCSYSTEM	109		# the field center coordinate system
data/iraf-2.16.1+2018.11.01/noao/astcat/lib/astrom.h:44:75:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
define	AT_RCSTSYSTEM	Memc[P2C($1+15+RCST_SZ_FNAME)] # the field center cc system
data/iraf-2.16.1+2018.11.01/noao/astcat/lib/astromdef.h:47:69:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
define  AT_RCSYSTEM   Memc[P2C($1+12)]        # the field center cc system
data/iraf-2.16.1+2018.11.01/noao/astcat/lib/astromdef.h:48:74:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
define  AT_RCSOURCE   Memc[P2C($1+12+RC_SZ_FNAME)] # the field center cc system
data/iraf-2.16.1+2018.11.01/noao/digiphot/apphot/lib/apphotdef.h:32:25:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
# pointer to sequential access buffer (not used currently)
data/iraf-2.16.1+2018.11.01/noao/digiphot/apphot/lib/apphotdef.h:34:57:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
define	AP_SEQUENTIAL	Memi[$1+21]	# Sequential or random access
data/iraf-2.16.1+2018.11.01/noao/digiphot/apphot/lib/radprofdef.h:14:45:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
define  AP_ORPXCUR	Memr[P2R($1+7)]	# output system X image center in pixels
data/iraf-2.16.1+2018.11.01/noao/digiphot/apphot/lib/radprofdef.h:15:44:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
define	AP_ORPYCUR	Memr[P2R($1+8)]	# output system Y image center in pixels
data/iraf-2.16.1+2018.11.01/noao/digiphot/photcal/lib/prstruct.h:4:11:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
# Pointer access
data/iraf-2.16.1+2018.11.01/noao/digiphot/photcal/lib/prstruct.h:318:10:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
# Vector access
data/iraf-2.16.1+2018.11.01/noao/digiphot/photcal/lib/prstruct.h:329:14:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
# Individual access for variable symbols and counters.
data/iraf-2.16.1+2018.11.01/noao/digiphot/photcal/lib/prstruct.h:335:14:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
# Individual access for fitting parameter symbols, values and list. The
data/iraf-2.16.1+2018.11.01/noao/digiphot/photcal/lib/prstruct.h:341:14:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
# Individual access for derivative equation string offsets and codes. The
data/iraf-2.16.1+2018.11.01/noao/lib/smw.h:125:22:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
# Spectrum types and access modes.
data/iraf-2.16.1+2018.11.01/pkg/cl/binop.c:187:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    strcpy (res, o1sp);
data/iraf-2.16.1+2018.11.01/pkg/cl/binop.c:188:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		    strcat (res, o2.o_val.v_s);
data/iraf-2.16.1+2018.11.01/pkg/cl/binop.c:205:4:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
			sprintf ((char *)(res + (cp - o1sp)),
data/iraf-2.16.1+2018.11.01/pkg/cl/binop.c:212:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy (res, o1sp);
data/iraf-2.16.1+2018.11.01/pkg/cl/binop.c:231:15:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		            strcpy (s2, o2.o_val.v_s);
data/iraf-2.16.1+2018.11.01/pkg/cl/binop.c:236:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    strcpy (res, o1.o_val.v_s);
data/iraf-2.16.1+2018.11.01/pkg/cl/binop.c:248:4:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
			strcat (res, s2);
data/iraf-2.16.1+2018.11.01/pkg/cl/binop.c:250:4:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
			strcat (res, o2.o_val.v_s);
data/iraf-2.16.1+2018.11.01/pkg/cl/builtin.c:205:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    strcpy (pfilename, pfp->pf_ltp->lt_pkp->pk_name);
data/iraf-2.16.1+2018.11.01/pkg/cl/builtin.c:207:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		    strcat (pfilename, pfp->pf_ltp->lt_lname);
data/iraf-2.16.1+2018.11.01/pkg/cl/builtin.c:243:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy (buf, task_spec);
data/iraf-2.16.1+2018.11.01/pkg/cl/builtin.c:468:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy (cd_prev, cd_curr);
data/iraf-2.16.1+2018.11.01/pkg/cl/builtin.c:483:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy (dirname, cd_prev);
data/iraf-2.16.1+2018.11.01/pkg/cl/builtin.c:492:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy (cd_prev, cd_curr);
data/iraf-2.16.1+2018.11.01/pkg/cl/builtin.c:493:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy (cd_curr, dirname);
data/iraf-2.16.1+2018.11.01/pkg/cl/builtin.c:544:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat (buf, errmsg);
data/iraf-2.16.1+2018.11.01/pkg/cl/builtin.c:1933:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat (os_filelist, osfn);
data/iraf-2.16.1+2018.11.01/pkg/cl/builtin.c:1940:2:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	sprintf (oscmd, host_editor (envget ("editor")), os_filelist);
data/iraf-2.16.1+2018.11.01/pkg/cl/builtin.c:1968:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy (device, o.o_val.v_s);
data/iraf-2.16.1+2018.11.01/pkg/cl/builtin.c:2033:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy (device, o.o_val.v_s);
data/iraf-2.16.1+2018.11.01/pkg/cl/builtin.c:2093:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy (device, o.o_val.v_s);
data/iraf-2.16.1+2018.11.01/pkg/cl/clsystem.c:44:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy (errfile, outfile);
data/iraf-2.16.1+2018.11.01/pkg/cl/compile.c:232:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy (start, s);
data/iraf-2.16.1+2018.11.01/pkg/cl/compile.c:246:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat (es, ns);
data/iraf-2.16.1+2018.11.01/pkg/cl/decl.c:387:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy (pp->p_val.v_s, s);
data/iraf-2.16.1+2018.11.01/pkg/cl/decl.c:411:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    strcpy (news, s);
data/iraf-2.16.1+2018.11.01/pkg/cl/decl.c:719:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy (pp->p_name, op->o_val.v_s);
data/iraf-2.16.1+2018.11.01/pkg/cl/decl.c:875:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy (pp->p_prompt, o->o_val.v_s);
data/iraf-2.16.1+2018.11.01/pkg/cl/edcap.c:123:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf (fname, "home$%s.ed", editor);
data/iraf-2.16.1+2018.11.01/pkg/cl/edcap.c:127:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf (fname, "dev$%s.ed", editor);
data/iraf-2.16.1+2018.11.01/pkg/cl/edcap.c:141:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf (ed_editorcmd, "iraf%s", editor);
data/iraf-2.16.1+2018.11.01/pkg/cl/edcap.c:190:10:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
	    n = sscanf (string, "%s %s %s", label, escape, name);
data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:113:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy (cx->e_pset, pset);
data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:160:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy (cx->e_pset, newpset);
data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:165:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy (cx->e_pset, newpset);
data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:168:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf (runcmd, "%s (mode='h')\n", newpset);
data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:277:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy (nextpset, e_nextpset);
data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:513:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf (string, "PARFILE = %s\r\n", pfp->pf_pfilename);
data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:517:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf (string, "PACKAGE = %s\r\n", ltp->lt_pkp->pk_name);
data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:519:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf (string, "   TASK = %s\r\n", ltp->lt_lname);
data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:678:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat (outbuf, colbuf);
data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:716:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf (dbg, "string = |%s|  ", string);
data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:756:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		    sprintf (message, "%s [%s]?", errstr, outstring);
data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:771:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy (message, errstr);
data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:817:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf (message, "%s must be `yes' or `no'", errstr);
data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:821:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf (message, "What?  %s", range);
data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:824:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf (message, "%s %s", errstr, range);
data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:1007:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy (&arglist[1], args);
data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:1160:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy (oldline, string);
data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:1389:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    strcpy (chn, chn+1);
data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:1408:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    strcpy (chn, chn+1);
data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:1439:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    strcpy (cp, chn);
data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:1453:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    strcpy (tempstr, cp);	/* save the end */
data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:1455:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    strcpy (cp+oldnum, tempstr);
data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:1462:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy (oldline, cp);
data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:1487:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy (cp, oldline);
data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:1681:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		    sprintf (buf,
data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:1688:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf (buf, " - %d parameters written to %s", n,
data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:1701:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    strcpy (e_nextpset, e_cx->e_pset);
data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:1733:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    strcpy (e_nextpset, pset);
data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:1745:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		    sprintf (buf, "parameter `%s' is not a pset parameter",
data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:1761:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    strcpy (e_nextpset, pset);
data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:1780:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy (e_nextpset, pset);
data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:1865:2:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	sprintf (errmsg, errfmt, errarg);
data/iraf-2.16.1+2018.11.01/pkg/cl/exec.c:493:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    	sprintf (logmsg, "Start (%s)", newtask->t_ltp->lt_pname);
data/iraf-2.16.1+2018.11.01/pkg/cl/exec.c:543:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy (cmd, ip);
data/iraf-2.16.1+2018.11.01/pkg/cl/exec.c:557:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat (cmd, redir);
data/iraf-2.16.1+2018.11.01/pkg/cl/exec.c:563:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat (cmd, redir);
data/iraf-2.16.1+2018.11.01/pkg/cl/exec.c:567:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat (cmd, redir);
data/iraf-2.16.1+2018.11.01/pkg/cl/exec.c:571:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat (cmd, redir);
data/iraf-2.16.1+2018.11.01/pkg/cl/exec.c:701:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf (bin_path, "%s%s.e", pkg ? pkg->pk_bin : BINDIR, root);
data/iraf-2.16.1+2018.11.01/pkg/cl/exec.c:702:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf (loc_path, "./%s.e", root);
data/iraf-2.16.1+2018.11.01/pkg/cl/exec.c:718:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy (bin_root, root_path);
data/iraf-2.16.1+2018.11.01/pkg/cl/exec.c:734:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf (bin_path, "%s.linux/%s.e", bin_root, root);
data/iraf-2.16.1+2018.11.01/pkg/cl/exec.c:738:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf (bin_path, "%s.redhat/%s.e", bin_root, root);
data/iraf-2.16.1+2018.11.01/pkg/cl/exec.c:745:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf (bin_path, "%s.redhat/%s.e", bin_root, root);
data/iraf-2.16.1+2018.11.01/pkg/cl/exec.c:752:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf (bin_path, "%s.macosx/%s.e", bin_root, root);
data/iraf-2.16.1+2018.11.01/pkg/cl/exec.c:759:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf (bin_path, "%s.macintel/%s.e", bin_root, root);
data/iraf-2.16.1+2018.11.01/pkg/cl/gquery.c:45:8:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	char	*strcpy(), *index();
data/iraf-2.16.1+2018.11.01/pkg/cl/gquery.c:58:21:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    query_status = strcpy (buf, string);
data/iraf-2.16.1+2018.11.01/pkg/cl/gquery.c:168:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat (message, str);
data/iraf-2.16.1+2018.11.01/pkg/cl/gquery.c:174:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat(message, str);
data/iraf-2.16.1+2018.11.01/pkg/cl/gquery.c:202:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	    strcat (message, str);
data/iraf-2.16.1+2018.11.01/pkg/cl/gram.c:343:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat (buf, ibuf);
data/iraf-2.16.1+2018.11.01/pkg/cl/gram.c:999:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf (fname, "%spipe%d", dir, pipecode);
data/iraf-2.16.1+2018.11.01/pkg/cl/history.c:341:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy (raw_cmdblk, cmdblk);
data/iraf-2.16.1+2018.11.01/pkg/cl/history.c:1070:2:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	fprintf (fp, marg1);
data/iraf-2.16.1+2018.11.01/pkg/cl/history.c:1074:3:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		fprintf (fp, marg2);
data/iraf-2.16.1+2018.11.01/pkg/cl/history.c:1144:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf (msg, "# %8.8s %s%s%s %s- ",
data/iraf-2.16.1+2018.11.01/pkg/cl/main.c:355:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy (clstartup, HOSTLIB);
data/iraf-2.16.1+2018.11.01/pkg/cl/main.c:356:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat (clstartup, CLSTARTUP);
data/iraf-2.16.1+2018.11.01/pkg/cl/main.c:357:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy (clprocess, CLDIR);
data/iraf-2.16.1+2018.11.01/pkg/cl/main.c:358:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat (clprocess, CLPROCESS);
data/iraf-2.16.1+2018.11.01/pkg/cl/main.c:454:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy (o.o_val.v_s, arglist);
data/iraf-2.16.1+2018.11.01/pkg/cl/main.c:474:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
            sprintf (global, "%s/.iraf/login.cl", home);
data/iraf-2.16.1+2018.11.01/pkg/cl/main.c:528:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(logoutfile, HOSTLIB);
data/iraf-2.16.1+2018.11.01/pkg/cl/main.c:529:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(logoutfile, CLLOGOUT);
data/iraf-2.16.1+2018.11.01/pkg/cl/modes.c:346:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
			sprintf (buf, "%.3f %.3f %d %s %s\n",
data/iraf-2.16.1+2018.11.01/pkg/cl/modes.c:669:2:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	fprintf (fp, *pp->p_prompt == '\0' ? pp->p_name : pp->p_prompt);
data/iraf-2.16.1+2018.11.01/pkg/cl/modes.c:894:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf (bkg_query_file, "%sBQF%d", envget(UPARM), filecode);
data/iraf-2.16.1+2018.11.01/pkg/cl/modes.c:895:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf (query_response_file, "%sBQR%d", envget(UPARM), filecode);
data/iraf-2.16.1+2018.11.01/pkg/cl/opcodes.c:133:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy (s2, o2.o_val.v_s);
data/iraf-2.16.1+2018.11.01/pkg/cl/opcodes.c:1113:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy (format, o.o_val.v_s);
data/iraf-2.16.1+2018.11.01/pkg/cl/opcodes.c:1162:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy (format, o.o_val.v_s);
data/iraf-2.16.1+2018.11.01/pkg/cl/opcodes.c:1168:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy (pname, o.o_val.v_s);
data/iraf-2.16.1+2018.11.01/pkg/cl/operand.c:50:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy (outstr, indefstr);
data/iraf-2.16.1+2018.11.01/pkg/cl/operand.c:57:6:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	    sprintf (outstr, op->o_val.v_i == NO ? falsestr : truestr);
data/iraf-2.16.1+2018.11.01/pkg/cl/operand.c:69:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy (outstr, op->o_val.v_s);
data/iraf-2.16.1+2018.11.01/pkg/cl/operand.c:281:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy (numstr, o.o_val.v_s);
data/iraf-2.16.1+2018.11.01/pkg/cl/operand.c:371:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat (hexnum, s);
data/iraf-2.16.1+2018.11.01/pkg/cl/operand.c:378:10:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
	    if (sscanf (s, format, &o.o_val.v_i) != 1) {
data/iraf-2.16.1+2018.11.01/pkg/cl/param.c:782:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy (sbuf, param_spec);
data/iraf-2.16.1+2018.11.01/pkg/cl/pfiles.c:128:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy (pfp->pf_pfilename, pfilepath);
data/iraf-2.16.1+2018.11.01/pkg/cl/pfiles.c:293:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy (pfp->pf_pfilename, usr_pfile);
data/iraf-2.16.1+2018.11.01/pkg/cl/pfiles.c:308:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy (pfp->pf_pfilename, usr_pfile);
data/iraf-2.16.1+2018.11.01/pkg/cl/pfiles.c:397:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy (*q++, *p++);
data/iraf-2.16.1+2018.11.01/pkg/cl/pfiles.c:476:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy (pfp->pf_pfilename, pfilename);
data/iraf-2.16.1+2018.11.01/pkg/cl/pfiles.c:571:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy (pp->p_val.v_s, qq->p_val.v_s);
data/iraf-2.16.1+2018.11.01/pkg/cl/pfiles.c:580:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy (pp->p_val.v_s, firstask->t_modep->p_val.v_s);
data/iraf-2.16.1+2018.11.01/pkg/cl/pfiles.c:766:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy (buf, dir);		/* start with directory name	*/
data/iraf-2.16.1+2018.11.01/pkg/cl/pfiles.c:771:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	    strcat (buf, temp);
data/iraf-2.16.1+2018.11.01/pkg/cl/pfiles.c:773:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	    strcat (buf, temp);
data/iraf-2.16.1+2018.11.01/pkg/cl/pfiles.c:775:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	    strcat (buf, ltname);
data/iraf-2.16.1+2018.11.01/pkg/cl/pfiles.c:777:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat (buf, extn);		/* add extension for pfile	*/
data/iraf-2.16.1+2018.11.01/pkg/cl/pfiles.c:964:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy (newpfp->pf_pfilename, pfp->pf_pfilename);
data/iraf-2.16.1+2018.11.01/pkg/cl/pfiles.c:1076:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(*q++, *p++) ;
data/iraf-2.16.1+2018.11.01/pkg/cl/pfiles.c:1321:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    strcpy (pp->p_val.v_s, initbuf);
data/iraf-2.16.1+2018.11.01/pkg/cl/pfiles.c:1547:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    strcpy(*p, INDEFSTR);
data/iraf-2.16.1+2018.11.01/pkg/cl/prcache.c:258:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy (pr->pr_name, process);
data/iraf-2.16.1+2018.11.01/pkg/cl/prcache.c:319:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    strcpy (pname[nprocs++], pr->pr_name);
data/iraf-2.16.1+2018.11.01/pkg/cl/prcache.c:458:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf (out, "[%02d] %s!%d(%xX)",
data/iraf-2.16.1+2018.11.01/pkg/cl/scan.c:312:14:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
	nscan_val = sscanf (buf, format,
data/iraf-2.16.1+2018.11.01/pkg/cl/stack.c:128:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy (dest->o_val.v_s, op->o_val.v_s);
data/iraf-2.16.1+2018.11.01/pkg/cl/task.c:346:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy (buf, task_spec);
data/iraf-2.16.1+2018.11.01/pkg/cl/ytab.c:1343:21:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#  define YYFPRINTF fprintf
data/iraf-2.16.1+2018.11.01/pkg/cl/ytab.c:3264:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    strcpy (curr_task, ltname);
data/iraf-2.16.1+2018.11.01/pkg/cl/ytab.c:3365:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
				sprintf (pname, "%s.%s",
data/iraf-2.16.1+2018.11.01/pkg/cl/ytab.c:3369:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
				    strcat (pname, f);
data/iraf-2.16.1+2018.11.01/pkg/cl/ytab.c:3372:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				strcpy (pname, stkop((yyvsp[(1) - (1)]))->o_val.v_s);
data/iraf-2.16.1+2018.11.01/pkg/ecl/binop.c:230:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    strcpy (res, o1sp);
data/iraf-2.16.1+2018.11.01/pkg/ecl/binop.c:231:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		    strcat (res, o2.o_val.v_s);
data/iraf-2.16.1+2018.11.01/pkg/ecl/binop.c:248:4:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
			sprintf ((char *)(res + (cp - o1sp)),
data/iraf-2.16.1+2018.11.01/pkg/ecl/binop.c:255:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy (res, o1sp);
data/iraf-2.16.1+2018.11.01/pkg/ecl/binop.c:274:15:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		            strcpy (s2, o2.o_val.v_s);
data/iraf-2.16.1+2018.11.01/pkg/ecl/binop.c:279:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    strcpy (res, o1.o_val.v_s);
data/iraf-2.16.1+2018.11.01/pkg/ecl/binop.c:291:4:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
			strcat (res, s2);
data/iraf-2.16.1+2018.11.01/pkg/ecl/binop.c:293:4:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
			strcat (res, o2.o_val.v_s);
data/iraf-2.16.1+2018.11.01/pkg/ecl/builtin.c:211:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    strcpy (pfilename, pfp->pf_ltp->lt_pkp->pk_name);
data/iraf-2.16.1+2018.11.01/pkg/ecl/builtin.c:213:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		    strcat (pfilename, pfp->pf_ltp->lt_lname);
data/iraf-2.16.1+2018.11.01/pkg/ecl/builtin.c:248:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy (buf, task_spec);
data/iraf-2.16.1+2018.11.01/pkg/ecl/builtin.c:495:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy (cd_prev, cd_curr);
data/iraf-2.16.1+2018.11.01/pkg/ecl/builtin.c:510:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy (dirname, cd_prev);
data/iraf-2.16.1+2018.11.01/pkg/ecl/builtin.c:519:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy (cd_prev, cd_curr);
data/iraf-2.16.1+2018.11.01/pkg/ecl/builtin.c:520:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy (cd_curr, dirname);
data/iraf-2.16.1+2018.11.01/pkg/ecl/builtin.c:592:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat (buf, errmsg);
data/iraf-2.16.1+2018.11.01/pkg/ecl/builtin.c:601:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy (errcom.errmsg, errmsg);
data/iraf-2.16.1+2018.11.01/pkg/ecl/builtin.c:602:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy (errcom.task, currentask->t_ltp->lt_lname);
data/iraf-2.16.1+2018.11.01/pkg/ecl/builtin.c:633:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy (errcom.errmsg, errmsg);
data/iraf-2.16.1+2018.11.01/pkg/ecl/builtin.c:635:17:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                strcpy (errcom.script, script->t_ltp->lt_lname);
data/iraf-2.16.1+2018.11.01/pkg/ecl/builtin.c:2038:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat (os_filelist, osfn);
data/iraf-2.16.1+2018.11.01/pkg/ecl/builtin.c:2045:2:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	sprintf (oscmd, host_editor (envget ("editor")), os_filelist);
data/iraf-2.16.1+2018.11.01/pkg/ecl/builtin.c:2073:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy (device, o.o_val.v_s);
data/iraf-2.16.1+2018.11.01/pkg/ecl/builtin.c:2138:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy (device, o.o_val.v_s);
data/iraf-2.16.1+2018.11.01/pkg/ecl/builtin.c:2198:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy (device, o.o_val.v_s);
data/iraf-2.16.1+2018.11.01/pkg/ecl/builtin.c:2259:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy (handler, o.o_val.v_s);
data/iraf-2.16.1+2018.11.01/pkg/ecl/clsystem.c:43:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy (errfile, outfile);
data/iraf-2.16.1+2018.11.01/pkg/ecl/compile.c:238:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy (start, s);
data/iraf-2.16.1+2018.11.01/pkg/ecl/compile.c:252:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat (es, ns);
data/iraf-2.16.1+2018.11.01/pkg/ecl/decl.c:387:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy (pp->p_val.v_s, s);
data/iraf-2.16.1+2018.11.01/pkg/ecl/decl.c:411:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    strcpy (news, s);
data/iraf-2.16.1+2018.11.01/pkg/ecl/decl.c:719:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy (pp->p_name, op->o_val.v_s);
data/iraf-2.16.1+2018.11.01/pkg/ecl/decl.c:883:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy (pp->p_prompt, o->o_val.v_s);
data/iraf-2.16.1+2018.11.01/pkg/ecl/edcap.c:123:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf (fname, "home$%s.ed", editor);
data/iraf-2.16.1+2018.11.01/pkg/ecl/edcap.c:127:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf (fname, "dev$%s.ed", editor);
data/iraf-2.16.1+2018.11.01/pkg/ecl/edcap.c:141:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf (ed_editorcmd, "iraf%s", editor);
data/iraf-2.16.1+2018.11.01/pkg/ecl/edcap.c:190:10:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
	    n = sscanf (string, "%s %s %s", label, escape, name);
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:122:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy (cx->e_pset, pset);
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:169:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy (cx->e_pset, newpset);
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:174:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy (cx->e_pset, newpset);
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:177:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf (runcmd, "%s (mode='h')\n", newpset);
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:181:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    strcpy (epar_cmdbuf, runcmd);
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:289:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy (nextpset, e_nextpset);
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:525:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf (string, "PARFILE = %s\r\n", pfp->pf_pfilename);
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:529:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf (string, "PACKAGE = %s\r\n", ltp->lt_pkp->pk_name);
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:531:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf (string, "   TASK = %s\r\n", ltp->lt_lname);
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:690:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat (outbuf, colbuf);
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:728:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf (dbg, "string = |%s|  ", string);
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:768:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		    sprintf (message, "%s [%s]?", errstr, outstring);
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:783:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy (message, errstr);
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:829:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf (message, "%s must be `yes' or `no'", errstr);
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:833:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf (message, "What?  %s", range);
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:836:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf (message, "%s %s", errstr, range);
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:1019:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy (&arglist[1], args);
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:1172:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy (oldline, string);
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:1401:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    strcpy (chn, chn+1);
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:1420:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    strcpy (chn, chn+1);
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:1451:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    strcpy (cp, chn);
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:1465:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    strcpy (tempstr, cp);	/* save the end */
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:1467:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    strcpy (cp+oldnum, tempstr);
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:1474:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy (oldline, cp);
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:1499:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy (cp, oldline);
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:1693:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		    sprintf (buf,
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:1700:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf (buf, " - %d parameters written to %s", n,
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:1713:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    strcpy (e_nextpset, e_cx->e_pset);
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:1745:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    strcpy (e_nextpset, pset);
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:1757:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		    sprintf (buf, "parameter `%s' is not a pset parameter",
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:1773:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    strcpy (e_nextpset, pset);
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:1792:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy (e_nextpset, pset);
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:1877:2:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	sprintf (errmsg, errfmt, errarg);
data/iraf-2.16.1+2018.11.01/pkg/ecl/errs.c:307:21:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                    strcpy (errcom.errmsg, diagstr);
data/iraf-2.16.1+2018.11.01/pkg/ecl/errs.c:308:21:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                    strcpy (errcom.task, currentask->t_ltp->lt_lname);
data/iraf-2.16.1+2018.11.01/pkg/ecl/errs.c:393:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf (opt, "%s %s %s %s %s",
data/iraf-2.16.1+2018.11.01/pkg/ecl/exec.c:538:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    	sprintf (logmsg, "Start (%s)", newtask->t_ltp->lt_pname);
data/iraf-2.16.1+2018.11.01/pkg/ecl/exec.c:588:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy (cmd, ip);
data/iraf-2.16.1+2018.11.01/pkg/ecl/exec.c:602:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat (cmd, redir);
data/iraf-2.16.1+2018.11.01/pkg/ecl/exec.c:608:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat (cmd, redir);
data/iraf-2.16.1+2018.11.01/pkg/ecl/exec.c:612:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat (cmd, redir);
data/iraf-2.16.1+2018.11.01/pkg/ecl/exec.c:616:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat (cmd, redir);
data/iraf-2.16.1+2018.11.01/pkg/ecl/exec.c:746:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf (bin_path, "%s%s.e", pkg ? pkg->pk_bin : BINDIR, root);
data/iraf-2.16.1+2018.11.01/pkg/ecl/exec.c:747:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf (loc_path, "./%s.e", root);
data/iraf-2.16.1+2018.11.01/pkg/ecl/exec.c:763:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy (bin_root, root_path);
data/iraf-2.16.1+2018.11.01/pkg/ecl/exec.c:779:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf (bin_path, "%s.linux/%s.e", bin_root, root);
data/iraf-2.16.1+2018.11.01/pkg/ecl/exec.c:783:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf (bin_path, "%s.redhat/%s.e", bin_root, root);
data/iraf-2.16.1+2018.11.01/pkg/ecl/exec.c:790:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf (bin_path, "%s.redhat/%s.e", bin_root, root);
data/iraf-2.16.1+2018.11.01/pkg/ecl/exec.c:797:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf (bin_path, "%s.macosx/%s.e", bin_root, root);
data/iraf-2.16.1+2018.11.01/pkg/ecl/exec.c:804:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf (bin_path, "%s.macintel/%s.e", bin_root, root);
data/iraf-2.16.1+2018.11.01/pkg/ecl/exec.c:1231:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy (errcom.task, currentask->t_ltp->lt_lname);
data/iraf-2.16.1+2018.11.01/pkg/ecl/gquery.c:42:8:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	char	*strcpy(), *index();
data/iraf-2.16.1+2018.11.01/pkg/ecl/gquery.c:55:21:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    query_status = strcpy (buf, string);
data/iraf-2.16.1+2018.11.01/pkg/ecl/gquery.c:163:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat (message, str);
data/iraf-2.16.1+2018.11.01/pkg/ecl/gquery.c:169:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat(message, str);
data/iraf-2.16.1+2018.11.01/pkg/ecl/gquery.c:195:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	    strcat (message, str);
data/iraf-2.16.1+2018.11.01/pkg/ecl/gram.c:435:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat (buf, ibuf);
data/iraf-2.16.1+2018.11.01/pkg/ecl/gram.c:1151:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf (fname, "%spipe%d", dir, pipecode);
data/iraf-2.16.1+2018.11.01/pkg/ecl/history.c:259:11:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    		    strcpy (raw_cmd, epar_cmdbuf);
data/iraf-2.16.1+2018.11.01/pkg/ecl/history.c:268:11:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    		    strcpy (raw_cmd, cmd);
data/iraf-2.16.1+2018.11.01/pkg/ecl/history.c:368:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy (raw_cmdblk, cmdblk);
data/iraf-2.16.1+2018.11.01/pkg/ecl/history.c:988:6:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	    printf ((eh_longprompt == YES) ? "%s> " : "%2.2s> ", string);
data/iraf-2.16.1+2018.11.01/pkg/ecl/history.c:1016:6:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	    sprintf (prompt,
data/iraf-2.16.1+2018.11.01/pkg/ecl/history.c:1132:2:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	fprintf (fp, marg1);
data/iraf-2.16.1+2018.11.01/pkg/ecl/history.c:1136:3:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		fprintf (fp, marg2);
data/iraf-2.16.1+2018.11.01/pkg/ecl/history.c:1206:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf (msg, "# %8.8s %s%s%s %s- ",
data/iraf-2.16.1+2018.11.01/pkg/ecl/main.c:392:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy (clstartup, HOSTLIB);
data/iraf-2.16.1+2018.11.01/pkg/ecl/main.c:393:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat (clstartup, CLSTARTUP);
data/iraf-2.16.1+2018.11.01/pkg/ecl/main.c:394:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy (clprocess, CLDIR);
data/iraf-2.16.1+2018.11.01/pkg/ecl/main.c:395:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat (clprocess, CLPROCESS);
data/iraf-2.16.1+2018.11.01/pkg/ecl/main.c:502:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy (o.o_val.v_s, arglist);
data/iraf-2.16.1+2018.11.01/pkg/ecl/main.c:528:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
            sprintf (global, "%s/.iraf/login.cl", home);
data/iraf-2.16.1+2018.11.01/pkg/ecl/main.c:598:12:  [4] (tmpfile) mktemp:
  Temporary file race condition (CWE-377).
	tmpfile = mktemp (buf);
data/iraf-2.16.1+2018.11.01/pkg/ecl/main.c:638:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(logoutfile, HOSTLIB);
data/iraf-2.16.1+2018.11.01/pkg/ecl/main.c:639:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(logoutfile, CLLOGOUT);
data/iraf-2.16.1+2018.11.01/pkg/ecl/modes.c:342:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
			sprintf (buf, "%.3f %.3f %d %s %s\n",
data/iraf-2.16.1+2018.11.01/pkg/ecl/modes.c:654:2:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	fprintf (fp, *pp->p_prompt == '\0' ? pp->p_name : pp->p_prompt);
data/iraf-2.16.1+2018.11.01/pkg/ecl/modes.c:874:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf (bkg_query_file, "%sBQF%d", envget(UPARM), filecode);
data/iraf-2.16.1+2018.11.01/pkg/ecl/modes.c:875:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf (query_response_file, "%sBQR%d", envget(UPARM), filecode);
data/iraf-2.16.1+2018.11.01/pkg/ecl/opcodes.c:130:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy (s2, o2.o_val.v_s);
data/iraf-2.16.1+2018.11.01/pkg/ecl/opcodes.c:1072:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy (format, o.o_val.v_s);
data/iraf-2.16.1+2018.11.01/pkg/ecl/opcodes.c:1120:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy (format, o.o_val.v_s);
data/iraf-2.16.1+2018.11.01/pkg/ecl/opcodes.c:1126:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy (pname, o.o_val.v_s);
data/iraf-2.16.1+2018.11.01/pkg/ecl/operand.c:47:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy (outstr, indefstr);
data/iraf-2.16.1+2018.11.01/pkg/ecl/operand.c:54:6:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	    sprintf (outstr, op->o_val.v_i == NO ? falsestr : truestr);
data/iraf-2.16.1+2018.11.01/pkg/ecl/operand.c:66:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy (outstr, op->o_val.v_s);
data/iraf-2.16.1+2018.11.01/pkg/ecl/operand.c:266:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy (numstr, o.o_val.v_s);
data/iraf-2.16.1+2018.11.01/pkg/ecl/operand.c:353:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat (hexnum, s);
data/iraf-2.16.1+2018.11.01/pkg/ecl/operand.c:360:10:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
	    if (sscanf (s, format, &o.o_val.v_i) != 1) {
data/iraf-2.16.1+2018.11.01/pkg/ecl/param.c:632:21:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                    strcpy (ip, &result.o_val.v_s[1]);
data/iraf-2.16.1+2018.11.01/pkg/ecl/param.c:772:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy (sbuf, param_spec);
data/iraf-2.16.1+2018.11.01/pkg/ecl/pfiles.c:126:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy (pfp->pf_pfilename, pfilepath);
data/iraf-2.16.1+2018.11.01/pkg/ecl/pfiles.c:291:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy (pfp->pf_pfilename, usr_pfile);
data/iraf-2.16.1+2018.11.01/pkg/ecl/pfiles.c:306:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy (pfp->pf_pfilename, usr_pfile);
data/iraf-2.16.1+2018.11.01/pkg/ecl/pfiles.c:395:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy (*q++, *p++);
data/iraf-2.16.1+2018.11.01/pkg/ecl/pfiles.c:474:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy (pfp->pf_pfilename, pfilename);
data/iraf-2.16.1+2018.11.01/pkg/ecl/pfiles.c:569:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy (pp->p_val.v_s, qq->p_val.v_s);
data/iraf-2.16.1+2018.11.01/pkg/ecl/pfiles.c:578:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy (pp->p_val.v_s, firstask->t_modep->p_val.v_s);
data/iraf-2.16.1+2018.11.01/pkg/ecl/pfiles.c:762:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy (buf, dir);		/* start with directory name	*/
data/iraf-2.16.1+2018.11.01/pkg/ecl/pfiles.c:767:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	    strcat (buf, temp);
data/iraf-2.16.1+2018.11.01/pkg/ecl/pfiles.c:769:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	    strcat (buf, temp);
data/iraf-2.16.1+2018.11.01/pkg/ecl/pfiles.c:771:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	    strcat (buf, ltname);
data/iraf-2.16.1+2018.11.01/pkg/ecl/pfiles.c:773:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat (buf, extn);		/* add extension for pfile	*/
data/iraf-2.16.1+2018.11.01/pkg/ecl/pfiles.c:954:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy (newpfp->pf_pfilename, pfp->pf_pfilename);
data/iraf-2.16.1+2018.11.01/pkg/ecl/pfiles.c:1064:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(*q++, *p++) ;
data/iraf-2.16.1+2018.11.01/pkg/ecl/pfiles.c:1306:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    strcpy (pp->p_val.v_s, initbuf);
data/iraf-2.16.1+2018.11.01/pkg/ecl/pfiles.c:1532:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    strcpy(*p, INDEFSTR);
data/iraf-2.16.1+2018.11.01/pkg/ecl/prcache.c:257:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy (pr->pr_name, process);
data/iraf-2.16.1+2018.11.01/pkg/ecl/prcache.c:316:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    strcpy (pname[nprocs++], pr->pr_name);
data/iraf-2.16.1+2018.11.01/pkg/ecl/prcache.c:453:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf (out, "[%02d] %s!%d(%xX)",
data/iraf-2.16.1+2018.11.01/pkg/ecl/scan.c:306:14:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
	nscan_val = sscanf (buf, format,
data/iraf-2.16.1+2018.11.01/pkg/ecl/stack.c:127:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy (dest->o_val.v_s, op->o_val.v_s);
data/iraf-2.16.1+2018.11.01/pkg/ecl/task.c:334:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy (buf, task_spec);
data/iraf-2.16.1+2018.11.01/pkg/ecl/ytab.c:1379:21:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#  define YYFPRINTF fprintf
data/iraf-2.16.1+2018.11.01/pkg/ecl/ytab.c:3303:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    strcpy (curr_task, ltname);
data/iraf-2.16.1+2018.11.01/pkg/ecl/ytab.c:3406:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
				sprintf (pname, "%s.%s",
data/iraf-2.16.1+2018.11.01/pkg/ecl/ytab.c:3410:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
				    strcat (pname, f);
data/iraf-2.16.1+2018.11.01/pkg/ecl/ytab.c:3413:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				strcpy (pname, stkop((yyvsp[(1) - (1)]))->o_val.v_s);
data/iraf-2.16.1+2018.11.01/pkg/images/tv/wcslab/wcs_desc.h:5:5:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
#   access elements of a WCSLAB descriptor.  The descriptor provides all
data/iraf-2.16.1+2018.11.01/pkg/images/tv/wcslab/wcs_desc.h:96:18:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
# to the logical system.
data/iraf-2.16.1+2018.11.01/pkg/images/tv/wcslab/wcs_desc.h:171:52:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
# The center of the transformations in the logical system.  
data/iraf-2.16.1+2018.11.01/pkg/images/tv/wcslab/wcs_desc.h:210:50:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
# The center of the transformations in the world system.
data/iraf-2.16.1+2018.11.01/pkg/softools/mkapropos/help.h:48:38:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
define	O_SYSDOC	3		# print technical system documentation
data/iraf-2.16.1+2018.11.01/pkg/softools/mkapropos/helpdir.h:31:29:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
define	M_SYS		Memi[$1+2]		# system docs file index
data/iraf-2.16.1+2018.11.01/pkg/system/help/help.h:52:38:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
define	O_SYSDOC	3		# print technical system documentation
data/iraf-2.16.1+2018.11.01/pkg/system/help/helpdir.h:31:29:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
define	M_SYS		Memi[$1+2]		# system docs file index
data/iraf-2.16.1+2018.11.01/pkg/system/help/xhelp/xhelp.h:10:43:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
define  HDB_RAW         Memi[$1+1]      # access compiled or raw database
data/iraf-2.16.1+2018.11.01/pkg/utilities/nttools/stxtools/od/od.h:5:48:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
od.h -- Include parameters for the 1D I/O data system.
data/iraf-2.16.1+2018.11.01/pkg/utilities/nttools/stxtools/od/od.h:9:37:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
# Below describes the structure and access to the OD descriptor.
data/iraf-2.16.1+2018.11.01/pkg/utilities/nttools/stxtools/od/od.h:22:47:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
define  OD_WSYS_PTR     Memi[$1+10]     # WCS system type.
data/iraf-2.16.1+2018.11.01/pkg/utilities/nttools/stxtools/wcslab/wcs_desc.h:5:5:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
#   access elements of a WCSLAB descriptor.  The descriptor provides all
data/iraf-2.16.1+2018.11.01/pkg/utilities/nttools/stxtools/wcslab/wcs_desc.h:96:18:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
# to the logical system.
data/iraf-2.16.1+2018.11.01/pkg/utilities/nttools/stxtools/wcslab/wcs_desc.h:171:52:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
# The center of the transformations in the logical system.  
data/iraf-2.16.1+2018.11.01/pkg/utilities/nttools/stxtools/wcslab/wcs_desc.h:210:50:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
# The center of the transformations in the world system.
data/iraf-2.16.1+2018.11.01/pkg/xtools/catquery/cq.h:3:15:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
# The catalog access interface parameter definitions
data/iraf-2.16.1+2018.11.01/pkg/xtools/catquery/cq.h:23:15:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
# The catalog access results parameter definitions
data/iraf-2.16.1+2018.11.01/pkg/xtools/catquery/cq.h:46:15:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
# The surveys access results parameter definitions
data/iraf-2.16.1+2018.11.01/pkg/xtools/catquery/cqdef.h:19:56:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
define	CQ_MODE	      Memi[$1+1]	        # The database access mode
data/iraf-2.16.1+2018.11.01/pkg/xtools/skywcs/skywcsdef.h:9:60:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
define	SKY_EQUINOX	Memd[P2D($1+8)]	    # equinox of ra/dec system (B or J)
data/iraf-2.16.1+2018.11.01/pkg/xtools/skywcs/skywcsdef.h:11:57:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
define	SKY_CTYPE	Memi[$1+12]	    # celestial coordinate system code
data/iraf-2.16.1+2018.11.01/pkg/xtools/skywcs/skywcsdef.h:12:46:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
define	SKY_RADECSYS	Memi[$1+13]	    # ra/dec system code
data/iraf-2.16.1+2018.11.01/pkg/xtools/skywcs/skywcsdef.h:18:47:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
define	SKY_PIXTYPE	Memi[$1+19]	    # iraf wcs system code
data/iraf-2.16.1+2018.11.01/pkg/xtools/skywcs/skywcsdef.h:24:59:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
define	SKY_COOSYSTEM	Memc[P2C($1+25)]    # the coordinate system name
data/iraf-2.16.1+2018.11.01/sys/clio/clpset.h:1:23:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
# CLPSET.H -- CL pset access package header file.
data/iraf-2.16.1+2018.11.01/sys/fmio/fmio.h:26:43:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
define  FM_MODE         Memi[$1+3]      # access mode of datafile
data/iraf-2.16.1+2018.11.01/sys/fmio/fmio.h:57:42:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
# File table entry (FTE) during datafile access.
data/iraf-2.16.1+2018.11.01/sys/fmio/fmset.h:4:34:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
define	FM_ACMODE		1	#RO datafile access mode
data/iraf-2.16.1+2018.11.01/sys/imfort/imfort.h:21:37:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
define	IM_ACMODE	Memi[$1+2]	# image access mode
data/iraf-2.16.1+2018.11.01/sys/imio/iki/fxf/fxf.h:66:36:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
define	FIT_ACMODE	Memi[$1]	# image access mode
data/iraf-2.16.1+2018.11.01/sys/imio/imt/fxf.h:66:36:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
define	FIT_ACMODE	Memi[$1]	# image access mode
data/iraf-2.16.1+2018.11.01/sys/libc/freadline.c:29:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy (line, cmd);		/* save to static buffer	*/
data/iraf-2.16.1+2018.11.01/sys/libc/mktemp.c:13:1:  [4] (tmpfile) mktemp:
  Temporary file race condition (CWE-377).
mktemp (
data/iraf-2.16.1+2018.11.01/sys/libc/mktemp.c:20:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    (void) strcpy (template, unique);
data/iraf-2.16.1+2018.11.01/sys/libc/printf.c:29:1:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
printf (char *format, ...)
data/iraf-2.16.1+2018.11.01/sys/libc/printf.c:43:1:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
fprintf (FILE *fp, char *format, ...)
data/iraf-2.16.1+2018.11.01/sys/libc/scanf.c:72:1:  [4] (buffer) scanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
scanf (char *format, ...)
data/iraf-2.16.1+2018.11.01/sys/libc/scanf.c:95:1:  [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
fscanf (FILE *fp, char *format, ...)
data/iraf-2.16.1+2018.11.01/sys/libc/scanf.c:119:1:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
sscanf (char *str, char *format, ...)
data/iraf-2.16.1+2018.11.01/sys/libc/sprintf.c:21:1:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
sprintf (char *str, char *format, ...)
data/iraf-2.16.1+2018.11.01/sys/libc/strcat.c:11:1:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
strcat (
data/iraf-2.16.1+2018.11.01/sys/libc/strcpy.c:10:1:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
strcpy (
data/iraf-2.16.1+2018.11.01/sys/libc/system.c:15:1:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
system (
data/iraf-2.16.1+2018.11.01/sys/libc/zztest.c:63:14:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
	    nscan = sscanf (buf,
data/iraf-2.16.1+2018.11.01/sys/memdbg/memlog.c:66:2:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	sprintf (message, p_format, *arg1);
data/iraf-2.16.1+2018.11.01/sys/memdbg/memlog.c:84:2:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	sprintf (message, p_format, *arg1, *arg2);
data/iraf-2.16.1+2018.11.01/sys/memdbg/memlog.c:105:2:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	sprintf (message, p_format, p_strarg);
data/iraf-2.16.1+2018.11.01/sys/memdbg/memlog.c:159:2:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	fprintf (fp, p_format, *arg1, *arg2);
data/iraf-2.16.1+2018.11.01/sys/mtio/mtio.h:1:64:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
# MTIO.H --  Magtape i/o interface definitions.  Note that the system config
data/iraf-2.16.1+2018.11.01/sys/mtio/mtio.h:27:38:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
define	MT_ACMODE	mtdev[2,$1+1]	# new access mode
data/iraf-2.16.1+2018.11.01/sys/mwcs/mwcs.h:49:55:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
define	MI_NLOGDIM	Memi[$1+12]		# dimension of logical system
data/iraf-2.16.1+2018.11.01/sys/mwcs/mwcs.h:63:48:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
define	WCS_NDIM	Memi[$1]		# dimension of world system
data/iraf-2.16.1+2018.11.01/sys/mwcs/mwcs.h:64:47:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
define	WCS_SYSTEM	Memi[$1+1]		# sbuf index of system name
data/iraf-2.16.1+2018.11.01/sys/mwcs/mwcs.h:105:47:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
define	CT_WCSI		Memi[$1+2]		# pointer back to system 1
data/iraf-2.16.1+2018.11.01/sys/mwcs/mwcs.h:106:47:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
define	CT_WCSO		Memi[$1+3]		# pointer back to system 2
data/iraf-2.16.1+2018.11.01/sys/pmio/mio.h:8:15:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
# inverted to access only the "masked" pixels, or a mask might be ANDed with a
data/iraf-2.16.1+2018.11.01/sys/qpoe/qpoe.h:44:39:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
define	QP_MODE		Memi[$1+6]	# datafile access mode
data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/envinit.c:54:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy (vfn, pkg);
data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/envinit.c:56:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat (vfn, SETENV);
data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/envinit.c:122:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy (osfn, hlib);
data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/envinit.c:123:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	    strcat (osfn, SETENV);
data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/osaccess.c:23:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy ((char *)osfn, vfn2osfn(fname,0));
data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/osdir.c:25:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy ((char *)osfn, dirname);
data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/osfn2vfn.c:28:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy (vfn, osfn);		/* [MACHDEP */
data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/osfn2vfn.c:61:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy ((char *)x_osfn, osfn);
data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/osfn2vfn.c:79:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy (vfn, osfn);
data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/osgetenv.c:35:3:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		fprintf (stderr, errmsg, "iraf");
data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/osgetenv.c:40:3:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		fprintf (stderr, errmsg, "host");
data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/osgetenv.c:48:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy (valstr, os_subdir (irafdir, "lib"));
data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/osgetenv.c:50:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy (valstr, os_subdir (irafdir, "bin"));
data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/osgetenv.c:52:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy (valstr, os_subdir (irafdir, "dev"));
data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/osgetenv.c:54:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy (valstr, os_subdir (irafdir, "pkg"));
data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/osgetenv.c:56:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy (valstr, os_subdir (irafdir, "sys"));
data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/osgetenv.c:58:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy (valstr, os_subdir (irafdir, "math"));
data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/osgetenv.c:60:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy (valstr, os_subdir (hostdir, "hlib"));
data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/osgetenv.c:62:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy (valstr, os_subdir (hostdir, "as"));
data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/osgetenv.c:86:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy ((char *)symbol, envvar);
data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/osputenv.c:22:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf (buf, "%s=%s", name, value);
data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/osputenv.c:24:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy (env, buf);
data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/osputenv.c:50:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf (buf, "%s=%s", name, value);
data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/osputenv.c:52:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy (env, buf);
data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/ossysfile.c:98:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy (outfname, sysfile);
data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/ossysfile.c:101:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy (fname, libs[i]);
data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/ossysfile.c:102:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	    strcat (fname, sysfile);
data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/tape.c:131:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy ((char *)osfn, vfn2osfn (fname, 0));
data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/tape.c:250:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy (osdev, fname);
data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/tape.c:254:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy (osdev, fname);
data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/vfn2osfn.c:51:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    strcpy (fname, ldir);
data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/vfn2osfn.c:52:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat (fname, ip);
data/iraf-2.16.1+2018.11.01/unix/boot/generic/generic.c:116:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy (genfname, *++p);
data/iraf-2.16.1+2018.11.01/unix/boot/generic/generic.c:134:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy (input_file, files[n]);
data/iraf-2.16.1+2018.11.01/unix/boot/generic/generic.c:156:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy (fname, prefix);
data/iraf-2.16.1+2018.11.01/unix/boot/generic/generic.c:165:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    strcpy (template, input_file);
data/iraf-2.16.1+2018.11.01/unix/boot/generic/generic.c:169:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    strcpy (template, genfname);
data/iraf-2.16.1+2018.11.01/unix/boot/generic/generic.c:185:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		    strcat (fname, make_typed_filename (template, *t));
data/iraf-2.16.1+2018.11.01/unix/boot/generic/generic.c:187:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		    strcat (fname, template);
data/iraf-2.16.1+2018.11.01/unix/boot/generic/generic.c:194:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		    strcat (fname, extension);
data/iraf-2.16.1+2018.11.01/unix/boot/generic/generic.c:197:7:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
		if (access(fname,0) == 0) {
data/iraf-2.16.1+2018.11.01/unix/boot/generic/generic.c:522:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy (fp->f_types, types);
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/char.c:81:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy (lbuf, name);
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/fncache.c:93:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy (fn->lname, lname);
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/fncache.c:94:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy (fn->fname, fname);
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/fncache.c:120:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		    sprintf (lname, "<%s>", fn->lname);
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/host.c:105:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf (cmd, "%s -r %s %s", XC, irafdir, xflags);
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/host.c:107:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf (cmd, "%s %s", XC, xflags);
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/host.c:178:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf (cmd, "%s %s %s", LIBRARIAN, LIBFLAGS, resolvefname(libfname));
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/host.c:250:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf (cmd, "%s %s", REBUILD, libpath);
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/host.c:306:7:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
		if (access (mkpath(fname,ip,path), 0) < 0)
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/host.c:321:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf (backup, "%s.cko", fname);
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/host.c:322:6:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	if (access (backup, 0) == 0) {
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/host.c:359:10:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	    if (access (mkpath(fname,ip,path), 0) < 0)
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/host.c:384:6:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	if (access (fname, 0) != -1) {
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/host.c:400:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf (backup, "%s.cko", fname);
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/host.c:401:7:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
		if (access (backup, 0) == -1) {
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/host.c:428:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy (fname, file);
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/host.c:491:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy (old, vfn2osfn (oldfile, 0));
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/host.c:492:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy (new, vfn2osfn (newfile, 1));
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/host.c:595:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy (old_osfn, vfn2osfn (old, 0));
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/host.c:596:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy (new_osfn, vfn2osfn (new, 0));
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/host.c:786:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy (outstr, module);
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/host.c:812:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy (pathname, fname);
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/host.c:816:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy (pathname, relpath);
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/host.c:824:17:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                strcpy ((str ? (str+1) : pathname), relpath);
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/main.c:95:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy (cx->mkpkgfile, MKPKGFILE);
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/main.c:119:8:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			    strcpy (cx->mkpkgfile, *argp++);
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/main.c:162:8:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			    strcpy (irafdir, *argp++);
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/main.c:215:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy (v_pkgenv, pkgenv[0]);
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/main.c:242:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf (fname, "%s$lib/mkpkg.inc", pkgenv[i]);
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/main.c:251:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf (new_xflags, "%s %s", getsym(XFLAGS), flags);
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/main.c:259:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf (new_xvflags, "%s %s", getsym(XVFLAGS), flags);
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/main.c:267:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf (new_lflags, "%s %s", getsym(LFLAGS), flags);
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/main.c:328:2:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	sprintf (errmsg, fmt, arg);
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/main.c:343:2:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	sprintf (errmsg, fmt, arg);
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/pkg.c:32:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy (cx->mkpkgfile, MKPKGFILE);
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/pkg.c:48:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf (fname, "%s%s", cx->curdir, cx->mkpkgfile);
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/pkg.c:113:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy (cx->library, cx->prev->library);
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/pkg.c:180:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy (modname, token);
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/pkg.c:187:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy (srcname, sfp ? sfp->sf_sfname : modname);
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/pkg.c:536:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy (ncx->library, module);
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/pkg.c:544:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	    strcat (ncx->curdir, newdir);
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/pkg.c:568:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy (ncx->mkpkgfile, fname);
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/pkg.c:900:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy (cx->library, prev);	/* return module name 	*/
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/scanlib.c:202:11:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		        sprintf (modname, "%s", p);
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/scanlib.c:320:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy (&mlb_sbuf[mlb_op], modname);
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/sflist.c:150:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy (stname, token);
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:115:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf (outstr, "<%s>", tokbuf);
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:358:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		    sprintf (op, "<%s>", tokbuf);
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:596:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy (modspec, program);
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:667:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf (match, "%s:", symbol);
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:783:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	    strcat (xflags, s_xflags);
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:786:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf (cmd, "%s %s -r %s %s", XC, xflags, irafdir, fname);
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:788:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf (cmd, "%s %s %s", XC, xflags, fname);
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:822:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf (cmd, "%s -r %s", XC, irafdir);
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:824:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf (cmd, "%s", XC);
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:895:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf (cmd, "%s %s -r %s", XC, lflags, irafdir);
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:897:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf (cmd, "%s %s", XC, lflags);
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:904:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat (cmd, linkline);
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:1011:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy (fname, getargs (cx));
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:1012:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy (dname, getargs (cx));
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:1036:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy (fname, getargs (cx));
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:1037:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy (dname, getargs (cx));
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:1060:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy (old, getargs (cx));
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:1061:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy (new, getargs (cx));
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:1094:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy (old, getargs (cx));
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:1095:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy (new, getargs (cx));
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:1136:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy (fname, getargs (cx));
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:1198:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy (cmd, prefix);
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:1257:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy (args, tokbuf);
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:1261:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf (args, "<%s>", tokbuf);
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:1342:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy (value, getargs(cx));
data/iraf-2.16.1+2018.11.01/unix/boot/rmbin/rmbin.c:143:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf (newpath, "%s%s/", path, dir);
data/iraf-2.16.1+2018.11.01/unix/boot/rmfiles/rmfiles.c:146:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy (lbuf, prog);
data/iraf-2.16.1+2018.11.01/unix/boot/rmfiles/rmfiles.c:295:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf (newpath, "%s%s/", path, dir);
data/iraf-2.16.1+2018.11.01/unix/boot/rtar/rtar.c:493:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy (fh->linkname, hb->dbuf.linkname);
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:229:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy (f2cpath, tempfile);
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:244:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy (ccomp, s);
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:246:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy (f77comp, s);
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:251:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy (linker, s);
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:268:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat (v_pkgenv, v_pkgenv[0] ? " -p " : "-p ");
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:269:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat (v_pkgenv, argv[i]);
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:281:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy (ip = u_pkgenv, s);
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:293:4:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
			strcat (v_pkgenv, v_pkgenv[0] ? " -p " : "-p ");
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:294:4:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
			strcat (v_pkgenv, pkgname);
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:349:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy (bp, vfn2osfn (&arg[2], 0));
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:383:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy (outfile, arg);
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:546:7:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
		if (access (arg,0) == -1) {
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:787:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf (tempfile, "/tmp/T_%s.XXXXXX", outfile);
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:790:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf (tempfile, "T_%s", outfile);
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:880:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf (command, "/bin/cp -f %s %s", tempfile, outfile);
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:911:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		    sprintf (command, "%s %s %s", edsym, outfile, shlib);
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:939:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf (fname, "lib%s.a", &i_fname[2]);
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:947:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy (fname, i_fname);
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:949:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy (libp, oname);
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:951:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy (libp, fname);
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:978:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy ((fs = malloc(len+1)), lflag);
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:1018:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy (savename, libref);
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:1021:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf (libname, "lib%s.a", libref+2);
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:1036:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy (fname, libref);
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:1059:6:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	if (access (fname, 0) == 0) {
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:1060:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy (path, fname);
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:1068:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy (absname=bp, vfn2osfn (path, 0));
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:1117:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy (xpp_path, XPP);
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:1121:10:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	        sprintf (cmdbuf, "%s %s -A -R %s", xpp_path, pkgenv, file);
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:1123:10:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	        sprintf (cmdbuf, "%s -A -R %s", xpp_path, file);
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:1126:10:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	        sprintf (cmdbuf, "%s %s -R %s", xpp_path, pkgenv, file);
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:1128:10:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	        sprintf (cmdbuf, "%s -R %s", xpp_path, file);
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:1134:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	    strcat (cmdbuf, foreign_defsfile);
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:1140:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy (fname, file);
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:1145:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy (rpp_path, RPP);
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:1146:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf (cmdbuf, "%s %s%s >%s",
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:1207:6:  [4] (shell) execvp:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
	    execvp (task, argv);	/* use user PATH for search */
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:1208:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy (path, SYSBINDIR);
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:1209:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	    strcat (path, task);
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:1210:6:  [4] (shell) execv:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
	    execv  (path, argv);	/* look in SYSBINDIR */
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:1211:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy (path, LOCALBINDIR);
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:1212:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	    strcat (path, task);
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:1213:6:  [4] (shell) execv:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
	    execv  (path, argv);	/* look in LOCALBINDIR */
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:1291:6:  [4] (shell) execv:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
	    execv (argv[0], argv);
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:1390:2:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	sprintf (out, s1, s2);
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:1432:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy (path, dp);
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:1433:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	    strcat (path, prog);
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:1434:10:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	    if (access (path, 0) != -1)
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:1439:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy (dp, SYSBINDIR);
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:1440:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy (path, dp);
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:1441:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat (path, prog);
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:1443:6:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	if (access (path, 0) != -1) {
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:1453:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf (envpath, "PATH=%s:%s", SYSBINDIR, oldpath);
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:1461:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy (dp, LOCALBINDIR);
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:1462:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy (path, dp);
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:1463:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat (path, prog);
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:1464:6:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	if (access (path, 0) != -1)
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/decl.c:121:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		    sprintf (lbuf, "%s.%s multiply declared",
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/decl.c:173:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
			sprintf (lbuf, "%s.%s multiply declared",
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/decl.c:367:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf (text, "\t%s = 0\n", procname);
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/decl.c:422:15:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	sp->s_name = strcpy (nextch, name);
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/lexyy.c:2729:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy (fname[istkptr], IRAFLIB);
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/lexyy.c:2730:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat (fname[istkptr], RUNTASK);
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/lexyy.c:2851:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy (sysfile, HOSTLIB);
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/lexyy.c:2852:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat (sysfile, *files);
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/xppcode.c:572:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf (emsg, 
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/xppcode.c:1023:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf (buf, "%s\tiyy\n", type_decl[TY_INT]);
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/xppcode.c:1050:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf (buf, "%s\tdp(%d)\n", type_decl[XTY_INT], ntasks + 1);
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/xppcode.c:1052:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf (buf, "%s\tdict(%d)\n", type_decl[XTY_CHAR],
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/xppcode.c:1075:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf (lbuf, "\t    call %s\n", task_list[i].proc_name);
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/xppcode.c:1441:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy (sp, yytext);
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/xppcode.c:1454:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf (lbuf, "%s\t%s(%d)\n", type_decl[XTY_CHAR], s->str_name,
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/xppcode.c:1495:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf (outbuf, "\'%s\'", strbuf);
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/xppmain.c:76:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy (irafdefs, p);
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/xppmain.c:103:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy (v_pkgenv, pkgenv);
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/xppmain.c:111:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy (irafdefs, vfn2osfn (IRAFDEFS,0));
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/xppmain.c:164:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy (fname[0], argv[i]);
data/iraf-2.16.1+2018.11.01/unix/boot/wtar/wtar.c:276:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf (newpath, "%s%s", dname(path), dir);
data/iraf-2.16.1+2018.11.01/unix/boot/wtar/wtar.c:277:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy (newpath, dname(newpath));
data/iraf-2.16.1+2018.11.01/unix/boot/wtar/wtar.c:351:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy (fh.name, path);
data/iraf-2.16.1+2018.11.01/unix/boot/wtar/wtar.c:352:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat (fh.name, fname);
data/iraf-2.16.1+2018.11.01/unix/boot/wtar/wtar.c:357:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy (fh.name, dname(fh.name));
data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y1.c:537:12:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    (void) vfprintf (stderr, s, ap);
data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y1.c:575:12:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    (void) vfprintf (stderr, s, ap);
data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y1.c:616:10:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		(void) fprintf (foutput, WSFMT ("%s "), symnam (j));
data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y1.c:742:13:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	    (void) fprintf (foutput, WSFMT ("\n%s: "), nontrst[i].name);
data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y1.c:839:9:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	(void) fprintf (foutput,
data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y1.c:1005:14:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		    (void) fprintf (foutput,
data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y1.c:1135:13:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	    (void) fprintf (foutput, WSFMT ("\t%s"), writem (u->pitem));
data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y2.c:249:11:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    cp = strcpy (cp, optarg);
data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y2.c:1029:13:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	    (void) fprintf (fdebug, WSFMT ("\t\"%s\",\t%d,\n"),
data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y2.c:1041:9:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	(void) fprintf (fdebug,
data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y2.c:1044:9:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	(void) fprintf (fsppout, WSFMT ("define\t%s\t\t%d\n"),
data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y2.c:1047:13:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	    (void) fprintf (fdefine,
data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y2.c:1434:10:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		(void) fprintf (faction, WSFMT (".%s"), typeset[tok]);
data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y2.c:1480:10:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		(void) fprintf (faction, WSFMT (".%s"), typeset[tok]);
data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y2.c:1595:12:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    (void) strcpy (lhstext, s);	/* don't worry about too long of a name */
data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y2.c:1717:12:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    (void) fprintf (fdebug, WSFMT ("\t\"%s :%s\",\n"), lhstext, rhs);
data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y3.c:111:12:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
				(void) fprintf (foutput,
data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y3.c:306:9:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	(void) fprintf (foutput, WSFMT ("%s: gotos on "), nontrst[c].name);
data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y3.c:308:13:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	    (void) fprintf (foutput, WSFMT ("%s "), nontrst[i].name);
data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y3.c:345:13:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	    (void) fprintf (foutput,
data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y3.c:471:9:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	(void) fprintf (foutput, WSFMT ("\t%s\n"), writem (pp->pitem));
data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y3.c:477:10:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		(void) fprintf (foutput, WSFMT ("\t%s\n"), writem (u->pitem));
data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y3.c:483:9:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	(void) fprintf (foutput, WSFMT ("\n\t%s  "), symnam (j0));
data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y3.c:505:13:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	    (void) fprintf (foutput,
data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y3.c:515:12:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    (void) fprintf (fsppout, WSFMT ("define\t%s\t\t%d\n"), s, n);
data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y3.c:558:10:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		(void) fprintf (foutput,
data/iraf-2.16.1+2018.11.01/unix/f2c/getopt.c:87:4:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
			printf(fmt, *s);
data/iraf-2.16.1+2018.11.01/unix/f2c/getopt.c:97:2:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	printf(*fmt == ' ' ? " --" : "--");
data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/arithchk.c:125:10:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	Cray1 = printf(emptyfmt) < 0 ? 0 : 4617762;
data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/arithchk.c:126:6:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	if (printf(emptyfmt, Cray1) >= 0)
data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/arithchk.c:128:6:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	if (printf(emptyfmt, Cray1) >= 0)
data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/endfile.c:17:14:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
extern char *strcpy();
data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/err.c:143:36:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
	Help! How does fstat work on this system?
data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/err.c:167:3:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		fprintf(stderr, f__curunit->ufnm ? "named %s\n" : "(unnamed)\n",
data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/inquire.c:35:7:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
		x = access(buf,0) ? -1 : 0;
data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/lwrite.c:110:2:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	sprintf(buf, fmt, n);
data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/lwrite.c:113:9:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	return sprintf(buf, fmt, n);
data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/lwrite.c:137:2:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	sprintf(b, LGFMT, n);
data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/open.c:15:14:  [4] (tmpfile) mktemp:
  Temporary file race condition (CWE-377).
extern char *mktemp();
data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/open.c:207:7:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
		if (access(buf,0))
data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/open.c:216:10:  [4] (tmpfile) mktemp:
  Temporary file race condition (CWE-377).
		(void) mktemp(buf);
data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/open.c:237:8:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
		if (!access(buf,0))
data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/open.c:252:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	(void) strcpy(b->ufnm,buf);
data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/rawio.h:29:14:  [4] (tmpfile) mktemp:
  Temporary file race condition (CWE-377).
extern char *mktemp(char*);
data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/system_.c:35:7:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
	rv = system(buff);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/cds.c:163:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(z, ebuf);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/data.c:449:2:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	fprintf(dfile, datafmt, varname, offset, type);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/error.c:36:2:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	sprintf(buf,s,t);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/error.c:50:2:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	sprintf(buff, s, t);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/error.c:83:2:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	sprintf(buff, s, t);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/error.c:98:2:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	sprintf(buff, s, t);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/error.c:112:2:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	sprintf(buff, s, t);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/error.c:164:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(buff, "Declaration error for %s: %s", v->fvarname, s);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/error.c:183:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(buf1, "Execution error %s", s);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/error.c:184:2:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	sprintf(buf2, buf1, n);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/error.c:216:2:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	sprintf(buff, t, s);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/error.c:231:2:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	sprintf(buff, t, d);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/error.c:247:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(buff, "Impossible %s %d in routine %s", thing, t, r);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/error.c:318:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(buff,
data/iraf-2.16.1+2018.11.01/unix/f2c/src/exec.c:349:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(buf, "%s function %.90s invoked as subroutine",
data/iraf-2.16.1+2018.11.01/unix/f2c/src/expr.c:203:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
			sprintf(buff, "%s constant '%.60s' truncated.",
data/iraf-2.16.1+2018.11.01/unix/f2c/src/expr.c:206:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
			sprintf(buff, "%s constant '%.*s' truncated.",
data/iraf-2.16.1+2018.11.01/unix/f2c/src/expr.c:1102:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
				sprintf(wbuf, "%s%s%s\n\t%s%s%s",
data/iraf-2.16.1+2018.11.01/unix/f2c/src/format.c:896:22:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	addrp->user.Charp = strcpy(mem(strlen(buf)+1,0), buf);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/format.c:981:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(this_proc_name, storage);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/format.c:2004:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
			sprintf(name = buf, "%s%d", E->cextname, E->curno);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/format.c:2404:6:  [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
	k = fscanf (infile, "%s", buf);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/format.c:2408:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(*result = mem(strlen(buf)+1,0), buf);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/formatdata.c:109:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy (ovarname, varname);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/formatdata.c:864:5:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
				sprintf(buf, chr_fmt[uk], uk);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/io.c:806:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(c->user.ident, "(ftnlen)sizeof(%s)", Typename[type]);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/io.c:911:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(t, "%s_fmt", s);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/io.c:1328:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(q->user.ident, "%s.%s",
data/iraf-2.16.1+2018.11.01/unix/f2c/src/io.c:1426:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
				sprintf(s, "%s%s%s%s", comm->cextname, buf,
data/iraf-2.16.1+2018.11.01/unix/f2c/src/io.c:1433:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
				sprintf(s = mem(k+2,0), "%s+%s", s1, buf);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/io.c:1448:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
			sprintf(s1, "(char *)%s%s", p->isarray ? "" : "&", s);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/lex.c:361:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(temp+k, name);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/lex.c:370:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				strcpy(name, s);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/lex.c:381:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				strcpy(name+j, name0);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/lex.c:813:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				strcpy(infname1, bend);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/lex.c:1558:8:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
			    sprintf(buff,
data/iraf-2.16.1+2018.11.01/unix/f2c/src/lex.c:1695:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(cbnext, str);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/mem.c:165:3:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
		sprintf(s1, sf[t], t);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/mem.c:180:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	return strcpy(mem(strlen(s)+1,0), s);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/mem.c:218:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(buf, "%s%ld", pfx, n);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/mem.c:220:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	return strcpy(mem(strlen(buf)+1,0), buf);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/mem.c:246:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(d->defname, s1);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/mem.c:248:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(d->defname + n1, s2);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/misc.c:454:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(errbuf, "\"%.35s%s\" over 6 characters long", s0,
data/iraf-2.16.1+2018.11.01/unix/f2c/src/misc.c:458:16:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	q->fvarname = strcpy(mem(c,0), s0);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/misc.c:563:22:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	nextext->fextname = strcpy(gmem(strlen(f)+1,0), f);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/misc.c:566:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				: strcpy(gmem(strlen(s)+1,0), s);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/names.c:93:18:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	case TYLOGICAL:	strcpy(buff, Typename[type]);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/names.c:156:2:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	sprintf (buf, fmt, s);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/names.c:292:3:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
		sprintf (buf, fmt, (litp -> litval.litival
data/iraf-2.16.1+2018.11.01/unix/f2c/src/names.c:679:3:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
		sprintf(buf, Lfmt[shiftcase], stateno);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/names.c:681:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(buf, "L_%s", extsymtab[-1-stateno].fextname);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/names.c:706:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf (pointer, "%s__%d", prefix, num);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/names.c:726:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf (pointer, "%s_%d", EQUIV_INIT_NAME, memno);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/names.c:756:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
			sprintf(outbtail, "%scom.c", ext->cextname);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/niceprintf.c:113:34:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
#define SPRINTF(x,a,b,c,d,e,f,g) sprintf(x,a,b,c,d,e,f,g)
data/iraf-2.16.1+2018.11.01/unix/f2c/src/niceprintf.c:117:34:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
#define SPRINTF(x,a,b,c,d,e,f,g) vsprintf(x,a,ap)
data/iraf-2.16.1+2018.11.01/unix/f2c/src/niceprintf.c:416:5:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
				fprintf(fp, gflag1 ? "\"\\\n" : "\"\n");
data/iraf-2.16.1+2018.11.01/unix/f2c/src/output.c:900:6:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
					sprintf(buf, chr_fmt[k], k);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/output.c:1403:2:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	sprintf(buf, fl_fmt_string, x);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/output.c:1419:2:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	sprintf(buf, db_fmt_string, x);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/output.c:1421:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	return strcpy(mem(strlen(buf)+1,0), buf);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/pread.c:343:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(cbuf,buf);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/proc.c:93:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(buf, "%.90s: inconsistent declarations:\n\
data/iraf-2.16.1+2018.11.01/unix/f2c/src/proc.c:121:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(t, s);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/proc.c:141:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
			sprintf(a->user.ident, "(*ret_val).%s",
data/iraf-2.16.1+2018.11.01/unix/f2c/src/proc.c:200:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(base, "%s0_", e->enamep->cvarname);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/proc.c:444:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    strcpy (main_alias, progname->cextname);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/proc.c:488:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(badname, "%s_bad%d", v->fvarname, ++nbad);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/proc.c:490:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
			sprintf(buf,"%s\n\tsubstituting \"%s\"",
data/iraf-2.16.1+2018.11.01/unix/f2c/src/proc.c:790:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy (np -> vleng -> addrblock.user.ident,
data/iraf-2.16.1+2018.11.01/unix/f2c/src/proc.c:1132:20:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	namep->fvarname = strcpy(gmem(strlen(namep->fvarname)+1,0),
data/iraf-2.16.1+2018.11.01/unix/f2c/src/proc.c:1135:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		? strcpy(gmem(strlen(namep->cvarname)+1,0), namep->cvarname)
data/iraf-2.16.1+2018.11.01/unix/f2c/src/proc.c:1702:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
				sprintf(buf, "dimension %d of %s is not an integer.",
data/iraf-2.16.1+2018.11.01/unix/f2c/src/proc.c:1743:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
				sprintf(buf, " %s_dim%d", v->fvarname, i+1);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/proc.c:1786:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(buf, " %s_offset", v->fvarname);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/putpcc.c:543:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf (buf, "Computing %ld%s power", k,
data/iraf-2.16.1+2018.11.01/unix/f2c/src/putpcc.c:1333:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(buf, "%s variable", ftn_types[k]);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/putpcc.c:1344:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(buf, "%s function", ftn_types[k]);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/putpcc.c:1350:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(buf, "%s argument", ftn_types[k]);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/putpcc.c:1390:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(buf, "%s%.90s,\n\targ %d: %s%s%s %s.",
data/iraf-2.16.1+2018.11.01/unix/f2c/src/putpcc.c:1476:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
				sprintf(buf,
data/iraf-2.16.1+2018.11.01/unix/f2c/src/putpcc.c:2073:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf (comment_buf, "Computing M%s", what);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/sysdep.c:176:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(c_functions, "%s%sfunc", t, f2c);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/sysdep.c:177:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(initfname, "%s%srd", t, f2c);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/sysdep.c:178:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(blkdfname, "%s%sblkd", t, f2c);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/sysdep.c:179:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(p1_file, "%s%sp1f", t, f2c);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/sysdep.c:180:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(p1_bakfile, "%s%sp1fb", t, f2c);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/sysdep.c:181:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(sortfname, "%s%ssort", t, f2c);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/sysdep.c:236:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(c_functions, "%s/f2c%ld_func", tmpdir, pid);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/sysdep.c:237:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(initfname, "%s/f2c%ld_rd", tmpdir, pid);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/sysdep.c:238:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(blkdfname, "%s/f2c%ld_blkd", tmpdir, pid);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/sysdep.c:239:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(p1_file, "%s/f2c%ld_p1f", tmpdir, pid);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/sysdep.c:240:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(p1_bakfile, "%s/f2c%ld_p1fb", tmpdir, pid);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/sysdep.c:241:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(sortfname, "%s/f2c%ld_sort", tmpdir, pid);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/sysdep.c:243:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(initbname, "%s.b", initfname);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/sysdep.c:270:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(outbtail, b);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/sysdep.c:569:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(s, outbuf);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/sysdep.c:597:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(buf, "sort <%s >%s", from, to);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/sysdep.c:598:9:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
	return system(buf) >> 8;
data/iraf-2.16.1+2018.11.01/unix/f2c/src/vax.c:118:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(s, "_%s", extsymtab[mem].cextname);
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2gif.c:182:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		    sprintf (fname, "%s%d.gif", root, index);
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2gif.c:184:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		    sprintf (fname, "%s.gif", root);
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2uapl.c:248:8:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			    strcpy (penparam, argv[++argno]);
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2uapl.c:250:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy (penparam, argv[argno]+2);
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2uapl.c:338:7:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		    fprintf (out, DEV_FRAME);
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2uapl.c:529:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy (username, pw->pw_name);
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2uapl.c:532:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf (buf, "NOAO/IRAF  %s@%s  %s",
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2ueps.c:217:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy (progname, argv[0]);
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2ueps.c:250:8:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			    strcpy (penparam, argv[++argno]);
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2ueps.c:252:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy (penparam, argv[argno]+2);
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2ueps.c:343:7:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		    fprintf (out, DEV_FRAME);
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2uhplj.c:202:6:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	    sprintf (buf_rast, DEV_RAST, n1);
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2uhplj.c:221:5:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
    sprintf (obuf, DEV_VECT, x, y);
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2uimp.c:143:8:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			    strcpy (penparam, argv[++argno]);
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2uimp.c:145:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy (penparam, argv[argno]+2);
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2uqms.c:129:8:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			    strcpy (penparam, argv[++argno]);
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2uqms.c:131:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy (penparam, argv[argno]+2);
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2uqms.c:290:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy (obuf, opcode);
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgidispatch.c:49:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy (translator, argv[1]);
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgidispatch.c:53:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf (tpath, "%s", irafpath(translator));
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgidispatch.c:55:6:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	if (access (tpath, X_OK) == ERR) {
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgidispatch.c:65:2:  [4] (shell) execv:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
	execv (tpath, &argv[1]);
data/iraf-2.16.1+2018.11.01/unix/hlib/iraf32.h:19:28:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
define	READ_ONLY	1		# file access modes
data/iraf-2.16.1+2018.11.01/unix/hlib/iraf32.h:123:50:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
# Name conversions (to avoid conflicts with host system).  Must agree with
data/iraf-2.16.1+2018.11.01/unix/hlib/iraf32.h:126:8:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
define	access	xfaccs
data/iraf-2.16.1+2018.11.01/unix/hlib/iraf32.h:136:8:  [4] (tmpfile) mktemp:
  Temporary file race condition (CWE-377).
define	mktemp	xmktep
data/iraf-2.16.1+2018.11.01/unix/hlib/iraf32.h:140:8:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
define	printf	xprinf
data/iraf-2.16.1+2018.11.01/unix/hlib/iraf32.h:148:8:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
define	strcat	xstrct
data/iraf-2.16.1+2018.11.01/unix/hlib/iraf32.h:150:8:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
define	strcpy	xstrcy
data/iraf-2.16.1+2018.11.01/unix/hlib/iraf64.h:19:28:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
define	READ_ONLY	1		# file access modes
data/iraf-2.16.1+2018.11.01/unix/hlib/iraf64.h:124:50:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
# Name conversions (to avoid conflicts with host system).  Must agree with
data/iraf-2.16.1+2018.11.01/unix/hlib/iraf64.h:127:8:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
define	access	xfaccs
data/iraf-2.16.1+2018.11.01/unix/hlib/iraf64.h:137:8:  [4] (tmpfile) mktemp:
  Temporary file race condition (CWE-377).
define	mktemp	xmktep
data/iraf-2.16.1+2018.11.01/unix/hlib/iraf64.h:141:8:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
define	printf	xprinf
data/iraf-2.16.1+2018.11.01/unix/hlib/iraf64.h:149:8:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
define	strcat	xstrct
data/iraf-2.16.1+2018.11.01/unix/hlib/iraf64.h:151:8:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
define	strcpy	xstrcy
data/iraf-2.16.1+2018.11.01/unix/hlib/knet.h:1:43:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
# KNET.H -- Include in source files which access the IRAF kernel if network
data/iraf-2.16.1+2018.11.01/unix/hlib/knet.h:3:31:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
# in such source files.  If a system is to be configured without networking
data/iraf-2.16.1+2018.11.01/unix/hlib/knet.h:5:29:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
# before compilation of the system libraries.
data/iraf-2.16.1+2018.11.01/unix/hlib/libc/libc.h:66:9:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define	fprintf		u_fprintf
data/iraf-2.16.1+2018.11.01/unix/hlib/libc/libc.h:73:9:  [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
#define	fscanf		u_fscanf
data/iraf-2.16.1+2018.11.01/unix/hlib/libc/libc.h:82:9:  [4] (tmpfile) mktemp:
  Temporary file race condition (CWE-377).
#define	mktemp		u_mktemp
data/iraf-2.16.1+2018.11.01/unix/hlib/libc/libc.h:84:9:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define	printf		u_printf
data/iraf-2.16.1+2018.11.01/unix/hlib/libc/libc.h:91:9:  [4] (buffer) scanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
#define	scanf		u_scanf
data/iraf-2.16.1+2018.11.01/unix/hlib/libc/libc.h:95:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
#define	sprintf		u_sprintf
data/iraf-2.16.1+2018.11.01/unix/hlib/libc/libc.h:96:9:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
#define	sscanf		u_sscanf
data/iraf-2.16.1+2018.11.01/unix/hlib/libc/libc.h:97:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
#define	strcat		u_strcat
data/iraf-2.16.1+2018.11.01/unix/hlib/libc/libc.h:101:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
#define	strcpy		u_strcpy
data/iraf-2.16.1+2018.11.01/unix/hlib/libc/libc.h:107:9:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
#define	system		u_system
data/iraf-2.16.1+2018.11.01/unix/hlib/libc/libc.h:147:17:  [4] (tmpfile) mktemp:
  Temporary file race condition (CWE-377).
extern char    *mktemp (char *template);
data/iraf-2.16.1+2018.11.01/unix/hlib/libc/libc.h:151:17:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
extern char    *sprintf (char *str, char *format, ...);
data/iraf-2.16.1+2018.11.01/unix/hlib/libc/libc.h:152:17:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
extern char    *strcat (char *s1, char *s2);
data/iraf-2.16.1+2018.11.01/unix/hlib/libc/libc.h:154:17:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
extern char    *strcpy (char *s1, char *s2);
data/iraf-2.16.1+2018.11.01/unix/hlib/libc/libc.h:240:12:  [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
extern int	fscanf (struct _iobuf *fp, char *format, ...);
data/iraf-2.16.1+2018.11.01/unix/hlib/libc/libc.h:247:12:  [4] (buffer) scanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
extern int	scanf (char *format, ...);
data/iraf-2.16.1+2018.11.01/unix/hlib/libc/libc.h:249:12:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
extern int	sscanf (char *str, char *format, ...);
data/iraf-2.16.1+2018.11.01/unix/hlib/libc/libc.h:252:12:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
extern int	system (char *cmd);
data/iraf-2.16.1+2018.11.01/unix/hlib/libc/libc.h:307:13:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
extern void	fprintf (struct _iobuf *fp, char *format, ...);
data/iraf-2.16.1+2018.11.01/unix/hlib/libc/libc.h:311:13:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
extern void	printf (char *format, ...);
data/iraf-2.16.1+2018.11.01/unix/hlib/libc/vosproto.h:1957:47:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
extern integer mwnewm_(integer *mw, shortint *system, integer *ndim);
data/iraf-2.16.1+2018.11.01/unix/hlib/libc/vosproto.h:1968:47:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
extern integer mwssym_(integer *mw, shortint *system);
data/iraf-2.16.1+2018.11.01/unix/hlib/libc/vosproto.h:2408:51:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
extern integer skinpt_(shortint *label, shortint *system, integer *ctype, integer *radecs, doublereal *equinx, doublereal *epoch);
data/iraf-2.16.1+2018.11.01/unix/hlib/libc/vosproto.h:2409:64:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
extern integer skinwe_(integer *fd, shortint *label, shortint *system, integer *ctype, integer *radecs, doublereal *equinx, doublereal *epoch);
data/iraf-2.16.1+2018.11.01/unix/hlib/libc/vosproto.h:3436:47:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
extern integer mwfins_(integer *mw, shortint *system);
data/iraf-2.16.1+2018.11.01/unix/os/alloc.c:220:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf (fp->f_name, "/dev/%s", fname);
data/iraf-2.16.1+2018.11.01/unix/os/alloc.c:222:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf (fp->f_name, "/dev/rmt/%s", fname);
data/iraf-2.16.1+2018.11.01/unix/os/getproc.c:24:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf (fname, "/proc/%s", direntp->d_name);
data/iraf-2.16.1+2018.11.01/unix/os/irafpath.c:40:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy ((char *)ldir, ULIB);
data/iraf-2.16.1+2018.11.01/unix/os/irafpath.c:55:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat (pathname, fname);
data/iraf-2.16.1+2018.11.01/unix/os/irafpath.c:56:7:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
		if (access (pathname, 0) == 0)
data/iraf-2.16.1+2018.11.01/unix/os/irafpath.c:72:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy (pathname, (char *)hostdir);
data/iraf-2.16.1+2018.11.01/unix/os/irafpath.c:76:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat (pathname, fname);
data/iraf-2.16.1+2018.11.01/unix/os/irafpath.c:77:6:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	if (access (pathname, 0) == 0)
data/iraf-2.16.1+2018.11.01/unix/os/irafpath.c:81:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy (pathname, (char *)hostdir);
data/iraf-2.16.1+2018.11.01/unix/os/irafpath.c:83:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat (pathname, fname);
data/iraf-2.16.1+2018.11.01/unix/os/irafpath.c:84:6:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	if (access (pathname, 0) == 0)
data/iraf-2.16.1+2018.11.01/unix/os/irafpath.c:89:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy (pathname, (char *)irafdir);
data/iraf-2.16.1+2018.11.01/unix/os/irafpath.c:91:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	    strcat (pathname, irafarch);
data/iraf-2.16.1+2018.11.01/unix/os/irafpath.c:93:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	    strcat (pathname, fname);
data/iraf-2.16.1+2018.11.01/unix/os/irafpath.c:94:10:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	    if (access (pathname, 0) == 0)
data/iraf-2.16.1+2018.11.01/unix/os/irafpath.c:99:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy (pathname, (char *)irafdir);
data/iraf-2.16.1+2018.11.01/unix/os/irafpath.c:101:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat (pathname, fname);
data/iraf-2.16.1+2018.11.01/unix/os/irafpath.c:102:6:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	if (access (pathname, 0) == 0)
data/iraf-2.16.1+2018.11.01/unix/os/irafpath.c:106:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy (pathname, (char *)irafdir);
data/iraf-2.16.1+2018.11.01/unix/os/irafpath.c:108:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat (pathname, fname);
data/iraf-2.16.1+2018.11.01/unix/os/irafpath.c:109:6:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	if (access (pathname, 0) == 0)
data/iraf-2.16.1+2018.11.01/unix/os/net/hostdb.c:35:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy (hostdb, (char *)osfn);
data/iraf-2.16.1+2018.11.01/unix/os/net/kutil.c:27:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy ((char *)osfn, fname);
data/iraf-2.16.1+2018.11.01/unix/os/net/kutil.c:96:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy ((char *)text, TTYNAME);
data/iraf-2.16.1+2018.11.01/unix/os/net/kutil.c:154:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy ((char *)temp, subdir);
data/iraf-2.16.1+2018.11.01/unix/os/net/kutil.c:160:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat ((char *)pkname, fname);
data/iraf-2.16.1+2018.11.01/unix/os/net/kutil.c:259:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy ((char *)pkname, ldir);
data/iraf-2.16.1+2018.11.01/unix/os/net/kutil.c:286:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	    strcat (osfn, (char *)valstr);
data/iraf-2.16.1+2018.11.01/unix/os/net/zfioks.c:217:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    strcpy (username, uname);
data/iraf-2.16.1+2018.11.01/unix/os/net/zfioks.c:221:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		    sprintf (prompt, "Login name (%s@%s): ", username, node);
data/iraf-2.16.1+2018.11.01/unix/os/net/zfioks.c:234:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		    sprintf (prompt, "Password (%s@%s): ", username, node);
data/iraf-2.16.1+2018.11.01/unix/os/tape.c:112:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy (o_mtdev, argv[1]);
data/iraf-2.16.1+2018.11.01/unix/os/tape.c:129:3:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
		system (tp+1);
data/iraf-2.16.1+2018.11.01/unix/os/tape.c:169:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy (logfile, token);
data/iraf-2.16.1+2018.11.01/unix/os/tape.c:197:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy (mtdev, token);
data/iraf-2.16.1+2018.11.01/unix/os/tape.c:199:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy (mtdev, o_mtdev);
data/iraf-2.16.1+2018.11.01/unix/os/tape.c:201:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    strcpy (mtdev, token);
data/iraf-2.16.1+2018.11.01/unix/os/tape.c:211:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		    sprintf (lbuf, "cannot open device %s\n", mtdev);
data/iraf-2.16.1+2018.11.01/unix/os/tape.c:216:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf (lbuf,
data/iraf-2.16.1+2018.11.01/unix/os/tape.c:219:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy (o_mtdev, mtdev);
data/iraf-2.16.1+2018.11.01/unix/os/tape.c:421:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf (prompt, "(%s) ", dev);
data/iraf-2.16.1+2018.11.01/unix/os/zalloc.c:63:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy ((char *)cmd, irafpath(ALLOCEXE));
data/iraf-2.16.1+2018.11.01/unix/os/zalloc.c:64:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat ((char *)cmd, *allflg ? " -a " : " -d ");
data/iraf-2.16.1+2018.11.01/unix/os/zalloc.c:65:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat ((char *)cmd, (char *)aliases);
data/iraf-2.16.1+2018.11.01/unix/os/zalloc.c:103:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy (devname, dev);
data/iraf-2.16.1+2018.11.01/unix/os/zalloc.c:110:17:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                strcpy (devname, pwd->pw_dir);
data/iraf-2.16.1+2018.11.01/unix/os/zalloc.c:111:17:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
                strcat (devname, &dev[1]);
data/iraf-2.16.1+2018.11.01/unix/os/zalloc.c:115:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf (devname, "/dev/%s", dev);
data/iraf-2.16.1+2018.11.01/unix/os/zalloc.c:116:10:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	    if (access (devname, 0) == ERR)
data/iraf-2.16.1+2018.11.01/unix/os/zalloc.c:117:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf (devname, "/dev/rmt/%s", dev);
data/iraf-2.16.1+2018.11.01/unix/os/zalloc.c:196:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy ((char *)cmd, irafpath(ALLOCEXE));
data/iraf-2.16.1+2018.11.01/unix/os/zalloc.c:198:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat ((char *)cmd, aliases);
data/iraf-2.16.1+2018.11.01/unix/os/zfacss.c:60:16:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	accessible = (access ((char *)fname, acmode) == 0);
data/iraf-2.16.1+2018.11.01/unix/os/zfchdr.c:42:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy (oscwd, dirname);
data/iraf-2.16.1+2018.11.01/unix/os/zfgcwd.c:40:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy (oscwd, dirname);
data/iraf-2.16.1+2018.11.01/unix/os/zfiobf.c:109:10:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	    if (access ((char *)osfn, 0) == ERR)
data/iraf-2.16.1+2018.11.01/unix/os/zfiobf.c:487:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf (buf, "access %s %s\n", realpath(fname,pathname), modestr);
data/iraf-2.16.1+2018.11.01/unix/os/zfiobf.c:557:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf (buf, "delete %s\n", realpath(fname,pathname));
data/iraf-2.16.1+2018.11.01/unix/os/zfioks.c:587:3:  [4] (misc) getlogin:
  It's often easy to fool getlogin. Sometimes it does not work at all,
  because some program messed up the utmp file. Often, it gives only the
  first 8 characters of the login name. The user currently logged in on the
  controlling tty of our program need not be the user who started it. Avoid
  getlogin() for security-related purposes (CWE-807). Use getpwuid(geteuid())
  and extract the desired information instead.
		getlogin(), username, cmd, 0);
data/iraf-2.16.1+2018.11.01/unix/os/zfioks.c:616:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf (callback_cmd, "%s callback %d@%s",
data/iraf-2.16.1+2018.11.01/unix/os/zfioks.c:624:3:  [4] (misc) getlogin:
  It's often easy to fool getlogin. Sometimes it does not work at all,
  because some program messed up the utmp file. Often, it gives only the
  first 8 characters of the login name. The user currently logged in on the
  controlling tty of our program need not be the user who started it. Avoid
  getlogin() for security-related purposes (CWE-807). Use getpwuid(geteuid())
  and extract the desired information instead.
		getlogin(), username, callback_cmd, 0);
data/iraf-2.16.1+2018.11.01/unix/os/zfioks.c:766:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
			sprintf (command, "%s in.irafksd", cmd);
data/iraf-2.16.1+2018.11.01/unix/os/zfioks.c:771:8:  [4] (misc) getlogin:
  It's often easy to fool getlogin. Sometimes it does not work at all,
  because some program messed up the utmp file. Often, it gives only the
  first 8 characters of the login name. The user currently logged in on the
  controlling tty of our program need not be the user who started it. Avoid
  getlogin() for security-related purposes (CWE-807). Use getpwuid(geteuid())
  and extract the desired information instead.
			    getlogin(), username, command, 0);
data/iraf-2.16.1+2018.11.01/unix/os/zfioks.c:797:7:  [4] (shell) execlp:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
		    execlp (rshcmd, rshcmd,
data/iraf-2.16.1+2018.11.01/unix/os/zfioks.c:1335:6:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	    vfprintf (debug_fp, fmt, vargs);
data/iraf-2.16.1+2018.11.01/unix/os/zfioks.c:1418:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy (fname, username);
data/iraf-2.16.1+2018.11.01/unix/os/zfioks.c:1457:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy (loginname, np->login);
data/iraf-2.16.1+2018.11.01/unix/os/zfioks.c:1459:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy (loginname, username);
data/iraf-2.16.1+2018.11.01/unix/os/zfioks.c:1470:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    strcpy (password, namep);
data/iraf-2.16.1+2018.11.01/unix/os/zfioks.c:1474:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy (password, np->password);
data/iraf-2.16.1+2018.11.01/unix/os/zfioks.c:1601:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy (pathname, pwd->pw_dir);
data/iraf-2.16.1+2018.11.01/unix/os/zfioks.c:1603:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat (pathname, IRAFHOSTS);
data/iraf-2.16.1+2018.11.01/unix/os/zfioks.c:1605:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy (username, pwd->pw_name);
data/iraf-2.16.1+2018.11.01/unix/os/zfioks.c:1628:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy (pathname, (char *)irafdir);
data/iraf-2.16.1+2018.11.01/unix/os/zfioks.c:1629:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat (pathname, HOSTLOGIN);
data/iraf-2.16.1+2018.11.01/unix/os/zfioks.c:1682:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy (lbuf, op);
data/iraf-2.16.1+2018.11.01/unix/os/zfioks.c:1724:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy (op, word);
data/iraf-2.16.1+2018.11.01/unix/os/zfioks.c:1730:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy (op, word);
data/iraf-2.16.1+2018.11.01/unix/os/zfioks.c:1735:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy (op, word);
data/iraf-2.16.1+2018.11.01/unix/os/zfioks.c:1859:6:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	    fprintf (fp, q ? " \"%s\"" : " %s", np->login);
data/iraf-2.16.1+2018.11.01/unix/os/zfioks.c:1864:6:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	    fprintf (fp, q ? " \"%s\"" : " %s", np->password);
data/iraf-2.16.1+2018.11.01/unix/os/zfioks.c:1912:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf (prompt, "Password (%s@%s): ", user, host);
data/iraf-2.16.1+2018.11.01/unix/os/zfiolp.c:133:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy (lpr.spoolfile, dpr.spoolfile);
data/iraf-2.16.1+2018.11.01/unix/os/zfiolp.c:180:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy ((char *)out,
data/iraf-2.16.1+2018.11.01/unix/os/zfiomt.c:1054:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy (path, pwd->pw_dir);
data/iraf-2.16.1+2018.11.01/unix/os/zfiomt.c:1055:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat (path, &dev[1]);
data/iraf-2.16.1+2018.11.01/unix/os/zfiomt.c:1062:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	    strcat (path, dev);
data/iraf-2.16.1+2018.11.01/unix/os/zfiomt.c:1069:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat (path, dev);
data/iraf-2.16.1+2018.11.01/unix/os/zfiomt.c:1116:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy (mp->iodev, device);
data/iraf-2.16.1+2018.11.01/unix/os/zfiomt.c:1813:9:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
        vsnprintf (obuf, SZ_LINE, argsformat, ap);
data/iraf-2.16.1+2018.11.01/unix/os/zfiond.c:187:6:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	    sprintf (osfn, (char *)pk_osfn, getuid(), getuid());
data/iraf-2.16.1+2018.11.01/unix/os/zfiond.c:540:7:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
		if (access (np->path1, 0) < 0) {
data/iraf-2.16.1+2018.11.01/unix/os/zfiond.c:546:7:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
		if (access (np->path2, 0) < 0) {
data/iraf-2.16.1+2018.11.01/unix/os/zfiopl.c:124:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy (pltr.spoolfile, dpltr.spoolfile);
data/iraf-2.16.1+2018.11.01/unix/os/zfiopl.c:171:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy ((char *)out,
data/iraf-2.16.1+2018.11.01/unix/os/zfiopr.c:76:6:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	if (access ((char *)osfn, 1) == ERR) {
data/iraf-2.16.1+2018.11.01/unix/os/zfiopr.c:151:6:  [4] (shell) execl:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
	    execl ((char *)osfn, (char *)osfn, "-c", (char *) 0);
data/iraf-2.16.1+2018.11.01/unix/os/zfioty.c:44:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy ((char *)ttyname, TTYNAME);
data/iraf-2.16.1+2018.11.01/unix/os/zfioty.c:46:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy ((char *)ttyname, (char *)osfn);
data/iraf-2.16.1+2018.11.01/unix/os/zfprot.c:43:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy (link_name, (char *)fname);
data/iraf-2.16.1+2018.11.01/unix/os/zfprot.c:52:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat (link_name, PREFIX);
data/iraf-2.16.1+2018.11.01/unix/os/zfprot.c:53:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat (link_name, &((char *)fname)[first]);
data/iraf-2.16.1+2018.11.01/unix/os/zfprot.c:55:6:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	if (access ((char *)fname, 0) == ERR)
data/iraf-2.16.1+2018.11.01/unix/os/zfprot.c:91:6:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	if (access(link_name,0) == ERR)
data/iraf-2.16.1+2018.11.01/unix/os/zgtenv.c:131:4:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	  strcat(lpath, rpath);
data/iraf-2.16.1+2018.11.01/unix/os/zgtenv.c:137:4:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	  strcat(lpath, rpath);
data/iraf-2.16.1+2018.11.01/unix/os/zgtenv.c:143:4:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	  strcat(lpath, rpath);
data/iraf-2.16.1+2018.11.01/unix/os/zmain.c:86:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy (os_process_name, argv[0]);
data/iraf-2.16.1+2018.11.01/unix/os/zmain.c:154:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy ((char *)osfn_bkgfile, argv[arg]);
data/iraf-2.16.1+2018.11.01/unix/os/zopdpr.c:48:6:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	if (access ((char *)osfn, 1) == ERR) {
data/iraf-2.16.1+2018.11.01/unix/os/zopdpr.c:51:13:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	} else if (access ((char *)bkgfile, 4) == ERR) {
data/iraf-2.16.1+2018.11.01/unix/os/zopdpr.c:132:6:  [4] (shell) execl:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
	    execl ((char *)osfn, (char *)osfn, "-d", (char *)bkgfile, 
data/iraf-2.16.1+2018.11.01/unix/os/zoscmd.c:140:6:  [4] (shell) execl:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
	    execl (shell, shell, "-c", cmd, (char *) 0);
data/iraf-2.16.1+2018.11.01/unix/os/zpanic.c:40:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat (msg, os_process_name);
data/iraf-2.16.1+2018.11.01/unix/os/zpanic.c:42:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat (msg, (char *)errmsg);
data/iraf-2.16.1+2018.11.01/unix/os/zzsetk.c:30:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy (os_process_name, ospn);
data/iraf-2.16.1+2018.11.01/unix/os/zzsetk.c:31:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy ((char *)osfn_bkgfile, osbfn);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:273:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(((*fptr)->Fptr)->filename, url);      /* full input filename */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:440:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(textlist, extlist);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:646:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(infile,url);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:708:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(histfilename, outfile);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:717:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(filtfilename, outfile);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:760:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(origurltype,urltype);  /* Save the urltype */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:896:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(((*fptr)->Fptr)->filename, url);      /* full input filename */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:1106:12:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
           strcpy(outfile, histfilename); /* the original outfile name */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:1157:16:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
               strcpy(outfile, filtfilename); /* the original outfile name */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:1193:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(outfile, filtfilename); /* the original outfile name */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:1259:16:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
               strcpy(outfile, filtfilename); /* the original outfile name */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:1301:12:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
           strcpy(outfile, histfilename); /* the original outfile name */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:1341:12:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
           strcpy(outfile, histfilename); /* the original outfile name */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:1524:13:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
            strcat(cwd,tmpinfile);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:1529:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(tmpinfile,infile);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:1559:19:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
                  strcat(cwd,tmpStr);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:1563:15:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
              strcpy(oldinfile,tmpStr);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:2066:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(colname, tstbuff);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:2094:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(colname+1,oldname);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:2112:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    strcpy(testname, colname);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:2125:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		      strcpy(colname,oldname);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:2154:20:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
                   strcat(colname, tstbuff);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:2257:20:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                   strcpy(oldname, tstbuff);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:2330:20:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                   strcpy(oldname, tstbuff);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:2353:23:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                      strcpy(colformat, tstbuff);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:3421:8:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
       strcpy(token, tstbuff);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:3459:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(token, tstbuff);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:3484:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(token, tstbuff);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:3882:8:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
       strcpy(outfile, url);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:4031:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(((*fptr)->Fptr)->filename, url);      /* full input filename    */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:5310:21:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                    strcpy(infilex, ptr1);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:5354:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat(infile, ptr1);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:5479:17:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                strcpy(outfile, &infile[ii + 1]);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:5495:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(infilex, infile);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:5575:18:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
                 strcat(infilex, ptr3);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:5597:18:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
                 strcat(rowfilterx, tmptr + 1);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:5627:12:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
           strcat(rowfilter, ptr3);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:5794:16:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
               strcat(rowfilter, ptr3);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:5809:16:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
               strcat(rowfilter, ptr2 + 1);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:5819:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat(rowfilter, ptr3);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:5866:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(binspec, ptr1 + 1);       
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:5887:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(tmpstr, ptr2+1);  /* copy any chars after the binspec */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:5888:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(ptr1, tmpstr);    /* overwrite binspec */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:5960:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(tmpstr, ptr2 + 1);  /* copy any chars after the colspec */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:5961:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(ptr1, tmpstr);      /* overwrite binspec */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:6047:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(tmpstr, ptr2 + 1);  /* copy any chars after the pixel filter */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:6048:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(ptr1, tmpstr);      /* overwrite binspec */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:6076:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(compspec, ptr1 + 1);       
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:6097:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(tmpstr, ptr2+1);  /* copy any chars after the binspec */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:6098:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(ptr1, tmpstr);    /* overwrite binspec */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:6115:11:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
          strcpy(rowfilterx, rowfilter+1);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:6283:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat(infile, ptr1);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:6374:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(rootname, urltype);  /* construct the root name */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:6375:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(rootname, infile);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:6472:14:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
             strcpy(outfile, ptr1);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:6679:17:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                strcpy(tmpname, extname);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:6873:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(urlType, driverTable[fptr->Fptr->driver].prefix);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:6937:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy( lines+totalLen, line );
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/checksum.c:202:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(chkcomm, datestr);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/checksum.c:204:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(datacomm, datestr);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/checksum.c:338:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(chkcomm, datestr);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrfile.c:208:18:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                 strcpy(tempname, cptr);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrfile.c:209:18:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
                 strcat(tempname, filename+1);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrfile.c:216:18:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                 strcpy(tempname, filename);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrfile.c:238:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(tempname, pwd->pw_dir);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrfile.c:239:13:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
            strcat(tempname, cptr);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrfile.c:266:18:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                 strcpy(tempname, filename);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrfile.c:344:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(rootstring, cptr);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrfile.c:349:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(rootstring2, cpos);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrfile.c:382:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(userroot, rootstring);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrfile.c:383:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat(userroot, username);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrfile.c:387:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(userroot2, rootstring2);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrfile.c:388:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat(userroot2, username);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrfile.c:748:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(filename, cptr);  /* switch the names */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrfile.c:772:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(tmpfilename,filename);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrfile.c:777:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(filename,tmpfilename);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrfile.c:782:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(filename, tmpfilename);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrfile.c:786:11:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
          strcpy(filename, tmpfilename);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrfile.c:790:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(filename, tmpfilename);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrfile.c:794:15:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
              strcpy(filename, tmpfilename);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrfile.c:798:17:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                strcpy(filename, tmpfilename);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrfile.c:802:19:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                  strcpy(filename,tmpfilename);  /* restore original name */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrfile.c:862:14:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
             strcpy(file_outfile,outfile+7);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrfile.c:864:14:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
             strcpy(file_outfile,outfile);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:766:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(userpass, url);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:827:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(tmpstr,tmpstr1);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:838:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
  strcat(tmpstr,tmpstr1);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:846:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
  strcat(tmpstr,tmpstr1);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:862:3:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
  sscanf(recbuf,"%s %d",tmpstr,&status);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:905:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	     strcpy(turl, scratchstr2);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:929:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	     strcpy(url, scratchstr2);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:950:14:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
             strcpy(url, scratchstr2);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:977:5:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
    sscanf(recbuf,"%s %d",tmpstr,&tmpint);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:994:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(contentencoding,scratchstr);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:1242:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
  strcat(urlname, filename);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:1284:12:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
           strcat(urlname, filename);        
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:1325:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat(urlname, filename);        
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:1867:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
  strcat(turl,filename);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2027:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(ip,tstr);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2036:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(ip,tstr);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2045:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(ip,tstr);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2054:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(ip,tstr);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2147:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
  strcat(turl,filename);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2309:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(ip,tstr);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2318:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(ip,tstr);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2327:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(ip,tstr);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2336:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(ip,tstr);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2519:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(urlcopy,url);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2582:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(host,urlcopy);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2603:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(host,urlcopy);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2621:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(fn,urlcopy);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2646:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(netoutfile,outfile1+7);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2648:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(netoutfile,outfile1);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2662:14:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
             strcpy(netoutfile,outfile1+7);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2664:14:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
             strcpy(netoutfile,outfile1);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2686:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(newinfile,infile);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2699:15:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
              strcpy(infile,newinfile);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2734:11:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
          strcpy(infile,newinfile);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2745:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(newinfile,infile);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2758:15:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
              strcpy(infile,newinfile);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2785:12:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
           strcpy(infile,newinfile);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2794:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(newinfile,infile);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2806:15:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
              strcpy(infile,newinfile);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2838:11:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
          strcpy(infile,newinfile);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2890:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(netoutfile,outfile1+7);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2892:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(netoutfile,outfile1);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2926:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(newinfile,infile);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2932:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(infile,newinfile);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2940:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(newinfile,infile);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2946:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(infile,newinfile);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2952:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(newinfile,infile);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2957:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(infile,newinfile);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2970:8:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
       strcpy(netoutfile,outfile1+7);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2972:8:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
       strcpy(netoutfile,outfile1);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:3058:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(localhost,host);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:3370:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
  strcat(turl,url);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:3391:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(recbuf,getenv("ROOTUSERNAME"));
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:3424:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(recbuf,getenv("ROOTPASSWORD"));
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:3459:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(recbuf,fn);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:3461:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
  strcat(recbuf,rwmode);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/editcol.c:1105:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(tfm, tform[ii]);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/editcol.c:1214:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(tfm, tform[ii]);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/editcol.c:1978:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(tforms[icol], tform);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/editcol.c:1979:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(ttypes[icol], ttype);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_f.c:879:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(gParse.expr,expr);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_f.c:1256:20:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                   strcpy( ((char**)Data)[jj], result->value.data.str );
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_f.c:1260:20:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                   strcpy( ((char**)Data)[jj], result->value.data.strptr[jj] );
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_f.c:1279:20:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                   strcpy( ((char**)Data)[jj], result->value.data.str );
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_f.c:1284:23:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                      strcpy( ((char**)Data)[jj],
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_f.c:1287:23:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                      strcpy( ((char**)Data)[jj],
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_f.c:2027:16:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
               strcpy( ((char **)gParse.colData[parNo].array)[currelem],
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_f.c:2460:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy( thelval->str , keyvalue );
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_l.c:1028:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
					strcat(bitstring,OCT_0);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_l.c:1031:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
					strcat(bitstring,OCT_1);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_l.c:1034:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
					strcat(bitstring,OCT_2);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_l.c:1037:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
					strcat(bitstring,OCT_3);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_l.c:1040:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
					strcat(bitstring,OCT_4);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_l.c:1043:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
					strcat(bitstring,OCT_5);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_l.c:1046:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
					strcat(bitstring,OCT_6);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_l.c:1049:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
					strcat(bitstring,OCT_7);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_l.c:1053:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
					strcat(bitstring,OCT_X);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_l.c:1058:19:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                  strcpy( fflval.str, bitstring );
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_l.c:1092:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
					strcat(bitstring,HEX_0);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_l.c:1095:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
					strcat(bitstring,HEX_1);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_l.c:1098:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
					strcat(bitstring,HEX_2);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_l.c:1101:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
					strcat(bitstring,HEX_3);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_l.c:1104:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
					strcat(bitstring,HEX_4);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_l.c:1107:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
					strcat(bitstring,HEX_5);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_l.c:1110:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
					strcat(bitstring,HEX_6);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_l.c:1113:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
					strcat(bitstring,HEX_7);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_l.c:1116:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
					strcat(bitstring,HEX_8);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_l.c:1119:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
					strcat(bitstring,HEX_9);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_l.c:1123:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
					strcat(bitstring,HEX_A);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_l.c:1127:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
					strcat(bitstring,HEX_B);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_l.c:1131:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
					strcat(bitstring,HEX_C);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_l.c:1135:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
					strcat(bitstring,HEX_D);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_l.c:1139:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
					strcat(bitstring,HEX_E);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_l.c:1143:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
					strcat(bitstring,HEX_F);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_l.c:1147:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
					strcat(bitstring,HEX_X);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_l.c:1153:19:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                  strcpy( fflval.str, bitstring );
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_y.c:1377:21:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#  define FFFPRINTF fprintf
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_y.c:4984:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy( this->value.data.strptr[elem       ],
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_y.c:4988:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy( this->value.data.strptr[elem       ],
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_y.c:5042:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	 strcpy( this->value.data.str, sptr1 );
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_y.c:5043:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	 strcat( this->value.data.str, sptr2 );
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_y.c:5110:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		  strcpy( this->value.data.strptr[rows], sptr1 );
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_y.c:5111:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		  strcat( this->value.data.strptr[rows], sptr2 );
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_y.c:5192:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	 strcpy( this->value.data.str, sptr1 );
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_y.c:5193:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	 strcat( this->value.data.str, sptr2 );
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_y.c:5267:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		  strcpy( this->value.data.strptr[rows], sptr1 );
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_y.c:5268:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		  strcat( this->value.data.strptr[rows], sptr2 );
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_y.c:6033:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(pVals[i].data.str, theParams[i]->value.data.str);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_y.c:6058:8:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	      strcpy(this->value.data.str, pVals[0].data.str);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_y.c:6111:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	       strcpy(this->value.data.str,pVals[0].data.str);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_y.c:6207:8:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	      strcpy(this->value.data.str, pVals[0].data.str);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_y.c:6224:8:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	      strcpy(this->value.data.str, pVals[0].data.str);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_y.c:6277:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	       strcpy(this->value.data.str, ( pVals[2].data.log ?
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_y.c:6783:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(pVals[i].data.str,
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_y.c:6788:8:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		     strcpy(this->value.data.strptr[row],pVals[1].data.str);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_y.c:6791:8:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		     strcpy(this->value.data.strptr[row],pVals[0].data.str);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_y.c:7462:25:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                        strcpy( pVals[i].data.str,
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_y.c:7468:25:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                        strcpy( this->value.data.strptr[row],
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_y.c:7472:25:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                        strcpy( this->value.data.strptr[row],
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/f77_wrap4.c:271:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
   strcpy(B2,str);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/f77_wrap4.c:293:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
   strcpy(B2,str);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/f77_wrap4.c:319:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
   strcpy(B3,str);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/f77_wrap4.c:344:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
   strcpy(B3,str);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/f77_wrap4.c:369:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
   strcpy(B3,str);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/f77_wrap4.c:401:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(B3,str);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:195:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(filename,(fptr->Fptr)->filename);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:774:10:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
         strcpy(errmsg, txtbuff[0]);   /* copy oldest message to output */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:1074:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat(card, tmpname);   /* copy keyword name to buffer */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:1088:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat(card, tmpname);  /* copy keyword name to buffer */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:1131:13:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
            strcat(card, tmpname);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:1318:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(keyname, keyroot);   /* copy root string to name string */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:1326:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(keyname, suffix);    /* append suffix to the root */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:1352:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(keyname, keyroot);  /* append root to the prefix */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:1390:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(comm, &card[8]);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:1418:14:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
             strcpy(comm, &card[8]);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:1447:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(comm, &card[8]);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:1556:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat(comm, &card[ii]);  /*  copy the remaining characters  */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:1756:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(card, keyname);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:1809:17:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                strcpy(tvalue, value);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:2080:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(outrec, inrec);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:2560:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(outrec, inrec);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:2648:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(temp, &tform[ii]); /* copy format string */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:2810:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(temp, &tform[ii]); /* copy format string */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:3011:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(temp, &tform[ii]); /* copy format string */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:3185:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(&cform[1], &tform[ii + 1]); /* append the width and decimal code */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:3230:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(&cform[1], &tform[ii + 1]); /* append the width and decimal code */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:3341:17:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                strcpy(colname, colptr->ttype);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:3354:16:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
               strcpy(colname, colptr->ttype);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:3385:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(colname, colptr->ttype);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:3979:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(ttype, colptr->ttype);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:3985:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(tform, colptr->tform);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:3994:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(tnull, colptr->strnull);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:4087:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(ttype, colptr->ttype);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:5253:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(colptr->ttype, tvalue);  /* copy col name to structure */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:5587:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(tform, colptr->tform);    /* value of TFORMn keyword            */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:5588:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(snull, colptr->strnull);  /* null value for ASCII table columns */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:6684:11:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
          strcat(newform, tform);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:6686:11:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
          strcat(newform,lenval);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:9513:11:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
          strcpy(outstr, instr);  /* no leading quote, so return input string */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:9583:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(tval, cval);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:9659:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(tval, cval);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcols.c:192:14:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
             snprintf(tmpstr, 400,cform, earray[jj]);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcols.c:206:14:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
             snprintf(tmpstr, 400,cform, earray[jj]);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcols.c:259:14:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
             snprintf(tmpstr, 400,cform, darray[jj]);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcols.c:273:14:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
             snprintf(tmpstr, 400,cform, darray[jj]);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcols.c:316:19:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
                  sprintf(array[ii],"%*s",dwidth,tmpnull);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcols.c:374:19:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
                  sprintf(array[ii],"%*s",dwidth,tmpnull);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcols.c:525:19:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
                  sprintf(array[ii],"%*s",dwidth,tmpnull);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcols.c:530:17:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
                snprintf(tmpstr, 400,cform, (int) darray[ii]);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcols.c:532:17:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
                snprintf(tmpstr, 400,cform, darray[ii]);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcols.c:890:17:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                strcpy(array[ii], nulval);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:268:21:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
                    strcat(card, keybuf);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:780:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(unit, &comm[1]);    /*  copy the string */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:940:16:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
               strcat(*value, valstring);     /* append the continued chars */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:1044:16:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
               strcat(tempstring, valstring);     /* append the continued chars */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:3469:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(headptr, keybuf);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:1105:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(keyvalue,tkeyvalue);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:1229:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		  strcpy(location,url[i]);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:1482:8:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	      strcpy(memberFileName,memberLocation);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:1483:8:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	      strcpy(memberAccess1,memberAccess2);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:1541:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		      strcpy(memberLocation,memberFileName);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:1545:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		      strcpy(memberLocation,cwd);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:1554:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		      strcat(memberLocation,memberFileName);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:1570:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		      strcpy(groupLocation,groupFileName);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:1574:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		      strcpy(groupLocation,cwd);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:1584:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		      strcat(groupLocation,groupFileName);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:1611:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		  strcpy(memberFileName,memberLocation);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:1612:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		  strcpy(groupFileName,groupLocation);		  
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:1783:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    strcpy(grplc,tgrplc);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:1804:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			  strcpy(tmp, cwd);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:1813:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
			  strcat(tmp,groupLocation);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:1824:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			  strcpy(tmp, cwd);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:1833:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
			  strcat(tmp,groupLocation);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:2461:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
			  strcat(cwd,grpLocation1);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:2462:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			  strcpy(grpLocation1,cwd);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:2481:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			  strcpy(mbrLocation2,mbrLocation3);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:2531:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
			  strcat(cwd,grpLocation2);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:2532:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			  strcpy(grpLocation2,cwd);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:2550:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			  strcpy(mbrLocation2,mbrLocation3);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3164:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		  strcpy(grpLocation3,cwd);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3173:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		  strcat(grpLocation3,grpLocation1);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3180:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		  strcpy(grpLocation3,cwd);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3189:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		  strcat(grpLocation3,grpLocation2);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3250:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(grplc,tgrplc);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3300:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
			  strcat(grpLocation3,grplc);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3684:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	  strcpy(ttype[i],xtension);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3685:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	  strcpy(tform[i],xtenTform);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3690:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	  strcpy(ttype[i],name);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3691:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	  strcpy(tform[i],nameTform);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3696:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	  strcpy(ttype[i],version);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3697:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	  strcpy(tform[i],verTform);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3702:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	  strcpy(ttype[i],position);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3703:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	  strcpy(tform[i],posTform);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3708:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	  strcpy(ttype[i],location);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3709:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	  strcpy(tform[i],locTform);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3714:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	  strcpy(ttype[i],URI);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3715:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	  strcpy(tform[i],URITform);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3724:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	  strcpy(ttype[i],xtension);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3725:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	  strcpy(tform[i],xtenTform);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3730:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	  strcpy(ttype[i],name);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3731:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	  strcpy(tform[i],nameTform);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3736:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	  strcpy(ttype[i],version);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3737:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	  strcpy(tform[i],verTform);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3746:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	  strcpy(ttype[i],position);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3747:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	  strcpy(tform[i],posTform);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3756:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	  strcpy(ttype[i],xtension);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3757:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	  strcpy(tform[i],xtenTform);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3762:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	  strcpy(ttype[i],name);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3763:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	  strcpy(tform[i],nameTform);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3768:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	  strcpy(ttype[i],version);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3769:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	  strcpy(tform[i],verTform);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3774:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	  strcpy(ttype[i],position);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3775:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	  strcpy(tform[i], posTform);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3785:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	  strcpy(ttype[i],xtension);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3786:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	  strcpy(tform[i],xtenTform);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3791:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	  strcpy(ttype[i],name);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3792:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	  strcpy(tform[i],nameTform);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3797:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	  strcpy(ttype[i],version);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3798:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	  strcpy(tform[i],verTform);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3803:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	  strcpy(ttype[i],location);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3804:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	  strcpy(tform[i],locTform);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3809:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	  strcpy(ttype[i],URI);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3810:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	  strcpy(tform[i],URITform);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3819:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	  strcpy(ttype[i],position);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3820:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	  strcpy(tform[i],posTform);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3825:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	  strcpy(ttype[i],location);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3826:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	  strcpy(tform[i],locTform);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3831:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	  strcpy(ttype[i],URI);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3832:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	  strcpy(tform[i],URITform);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:4144:4:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	  strcat(cwd,tmpLocation);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:4150:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(tmpLocation,location);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:4221:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	  strcpy(mbrLocation1,tmpPtr[0]);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:4253:8:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	      strcat(cwd,mbrLocation1);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:4270:8:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	      strcat(cwd,mbrLocation2);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:4282:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	  strcpy(mbrLocation2,mbrLocation1);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:4302:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		  strcat(cwd,grpLocation1);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:4318:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		  strcpy(mbrLocation1,mbrLocation3);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:4344:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		  strcat(cwd,grpLocation2);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:4360:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		  strcpy(mbrLocation2,mbrLocation3);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:4864:28:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	  if(newFileName != NULL) strcpy(newFileName,HDU->newFilename[i]);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:4894:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(HDU->filename[i],filename2);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:4895:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(HDU->newFilename[i],filename2);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:4954:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	  strcpy(HDU->newFilename[i],newFileName);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:5046:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(buff,inpath+1);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:5050:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(buff,inpath);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:5413:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(buff,inpath);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:5444:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
      strcat(outpath,buff);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:5448:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(outpath,buff);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:5471:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
      strcat(outpath,tmpStr);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:5523:4:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	  strcat(outpath,tmpStr);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:5557:4:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	  strcat(outpath,tmpStr);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:5570:8:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	      strcat(outpath,tmpStr);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:5577:8:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	      strcat(outpath,tmpStr);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:5583:8:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	      strcat(outpath,tmpStr);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:5608:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
      strcat(outpath,tmpStr);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:5624:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(outpath,buff);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:5733:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(tmpStr4,tmpStr3);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:5736:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(tmpStr1,tmpStr2);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:5756:24:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	  if(strlen(outfile)) strcpy(tmpStr1,outfile);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:5767:8:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	      strcpy(infile,tmpPtr+3);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:5768:8:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	      strcpy(tmpStr1,infile);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:5773:8:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	      strcpy(infile,tmpPtr+3);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:5774:8:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	      strcpy(tmpStr2,infile);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:5837:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	  strcpy(tmpStr1,outfile);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:5838:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	  strcpy(tmpStr2,infile);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:5848:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	  strcpy(tmpStr1,outfile);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:5858:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	  strcpy(tmpStr1,outfile);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:5868:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	  strcpy(tmpStr1,outfile);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:5888:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	  strcpy(tmpStr2,infile);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:6010:32:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      if(realAccess  != NULL)  strcpy(realAccess,tmpStr3);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:6011:32:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      if(startAccess != NULL)  strcpy(startAccess,tmpStr4);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:6090:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(outURL, inURL);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:6127:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
      strcat(outURL, tmp);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:6341:4:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	  strcat(relURL,absURL+abscount);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:6394:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(tmpStr,refURL);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:6432:4:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	  strcat(tmpStr,relURL);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:6515:4:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	  strcat(tmpStr,relURL);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/grparser.c:138:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
   strcpy(p2, extname);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/grparser.c:177:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
   strcpy(p2, extname);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/grparser.c:539:8:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	      strcpy(cp, p2);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/grparser.c:546:8:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	      strcat(cp, fname);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/grparser.c:567:12:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
           strcpy(p, ngp_master_dir);		/* construct composite pathname */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/grparser.c:568:12:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
           strcat(p, fname);			/* comp = master + fname */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/grparser.c:893:12:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
           strcpy(ngph->tok[ngph->tokcnt].value.s, newtok->value.s);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/histo.c:216:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(minname[ii], minname[0]);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/histo.c:217:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(maxname[ii], maxname[0]);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/histo.c:218:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(binname[ii], binname[0]);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/histo.c:401:16:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
               strcpy(colname, token+1);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/histo.c:404:16:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
               strcpy(colname, token);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/histo.c:439:16:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
               strcpy(binname, token);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/histo.c:462:17:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                strcpy(minname, token);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/histo.c:487:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(maxname, token);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/histo.c:517:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(binname, token);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/histo.c:906:12:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
           strcpy(cpref[1], cptr);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/histo.c:920:14:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
             strcpy(cpref[2], cptr);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/histo.c:934:16:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
               strcpy(cpref[3], cptr);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/histo.c:984:10:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
         strcpy(colname[ii], cpref[ii]); /* try using the preferred column */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/histo.c:1583:12:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
           strcpy(cpref[1], cptr);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/histo.c:1597:14:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
             strcpy(cpref[2], cptr);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/histo.c:1611:16:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
               strcpy(cpref[3], cptr);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/histo.c:1633:10:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
         strcpy(colname[ii], cpref[ii]); /* try using the preferred column */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/iraffits.c:940:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(pixfilename,bang+1);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/iraffits.c:942:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(pixfilename,pixname);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/iraffits.c:1334:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy (val, value);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/iraffits.c:1376:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy (str, value);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/iraffits.c:1513:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy (cval,v1);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/iraffits.c:1530:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    strcpy (cval,cpar);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:997:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(valstring, tmpstring);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1005:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(valstring, tmpstring);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1042:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(valstring, tmpstring);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1050:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(valstring, tmpstring);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1087:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(valstring, tmpstring);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1095:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(valstring, tmpstring);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1132:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(valstring, tmpstring);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1140:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(valstring, tmpstring);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1437:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(valstring, tmpstring);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1445:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(valstring, tmpstring);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1474:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(valstring, tmpstring);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1482:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(valstring, tmpstring);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1512:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(valstring, tmpstring);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1520:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(valstring, tmpstring);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1549:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(valstring, tmpstring);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1557:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(valstring, tmpstring);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcolb.c:1006:12:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
           sprintf(output, cform, (double) input[ii]);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcolb.c:1018:11:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
          sprintf(output, cform, dvalue);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcold.c:1060:12:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
           sprintf(output, cform, input[ii]);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcold.c:1072:11:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
          sprintf(output, cform, dvalue);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcole.c:1074:12:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
           sprintf(output, cform, (double) input[ii]);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcole.c:1086:11:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
          sprintf(output, cform, dvalue);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcoli.c:979:12:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
           sprintf(output, cform, (double) input[ii]);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcoli.c:991:11:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
          sprintf(output, cform, dvalue);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcolj.c:992:12:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
           sprintf(output, cform, (double) input[ii]);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcolj.c:1004:11:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
          sprintf(output, cform, dvalue);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcolj.c:2005:12:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
           sprintf(output, cform, (double) input[ii]);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcolj.c:2017:11:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
          sprintf(output, cform, dvalue);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcolk.c:1009:12:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
           sprintf(output, cform, (double) input[ii]);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcolk.c:1021:11:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
          sprintf(output, cform, dvalue);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcolsb.c:965:12:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
           sprintf(output, cform, (double) input[ii]);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcolsb.c:977:11:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
          sprintf(output, cform, dvalue);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcolui.c:958:12:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
           sprintf(output, cform, (double) input[ii]);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcolui.c:970:11:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
          sprintf(output, cform, dvalue);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcoluj.c:966:12:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
           sprintf(output, cform, (double) input[ii]);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcoluj.c:978:11:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
          sprintf(output, cform, dvalue);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcoluj.c:1942:12:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
           sprintf(output, cform, (double) input[ii]);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcoluj.c:1954:11:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
          sprintf(output, cform, dvalue);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcoluk.c:983:12:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
           sprintf(output, cform, (double) input[ii]);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcoluk.c:995:11:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
          sprintf(output, cform, dvalue);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:760:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(valstring, tmpstring);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:768:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(valstring, tmpstring);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:801:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(valstring, tmpstring);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:809:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(valstring, tmpstring);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:842:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(valstring, tmpstring);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:850:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(valstring, tmpstring);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:883:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(valstring, tmpstring);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:891:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(valstring, tmpstring);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:934:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(valstring, cptr);    /* append the fraction to the integer */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:1021:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(card, date);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:1023:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(card, tmzone);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:2072:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat(tdimstr, value);     /* append the axis size */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:2175:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat(tdimstr, value);     /* append the axis size */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:2567:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(tfmt, tform[ii]);  /* required TFORMn keyword */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:2692:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(tfmt, tform[ii]);  /* required TFORMn keyword */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/wcssub.c:459:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(keyname, alt);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/wcssub.c:465:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(keyname, alt);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/wcssub.c:471:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(keyname, alt);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/wcssub.c:477:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(keyname, alt);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/wcssub.c:484:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(keyname, alt);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/wcssub.c:490:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat(keyname, alt);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/wcssub.c:497:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat(keyname, alt);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/wcssub.c:504:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat(keyname, alt);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/wcssub.c:511:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat(keyname, alt);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/wcssub.c:567:13:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
            strcat(keyname, alt);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/wcssub.c:573:13:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
            strcat(keyname, alt);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/wcssub.c:581:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat(keyname, alt);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/wcssub.c:587:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat(keyname, alt);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/wcssub.c:595:13:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
            strcat(keyname, alt);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/wcssub.c:602:13:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
            strcat(keyname, alt);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/wcssub.c:609:13:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
            strcat(keyname, alt);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/wcssub.c:616:13:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
            strcat(keyname, alt);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/wcssub.c:658:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(keyname, alt);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/zlib/zutil.h:199:18:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#    if !defined(vsnprintf) && !defined(NO_vsnprintf)
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/zlib/zutil.h:201:18:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#         define vsnprintf _vsnprintf
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/zlib/zutil.h:248:39:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#  define Trace(x) {if (z_verbose>=0) fprintf x ;}
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/zlib/zutil.h:249:39:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#  define Tracev(x) {if (z_verbose>0) fprintf x ;}
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/zlib/zutil.h:250:40:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#  define Tracevv(x) {if (z_verbose>1) fprintf x ;}
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/zlib/zutil.h:251:48:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#  define Tracec(c,x) {if (z_verbose>0 && (c)) fprintf x ;}
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/zlib/zutil.h:252:49:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#  define Tracecv(c,x) {if (z_verbose>1 && (c)) fprintf x ;}
data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/votget.c:247:6:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	if (access (dir, F_OK) < 0)
data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/votget.c:249:6:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	if (access (dir, W_OK) < 0) {
data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/votget.c:499:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy (aclist[num].url, acref);
data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/votget.c:500:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf (aclist[num].fname, "%s%u", base, 
data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/votget.c:524:9:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    if (access (infile, F_OK) < 0) {
data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/votget.c:641:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf (lockfile, ".%s.LOCK", ofname);
data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/votget.c:642:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf (dot, ".%s", ofname);
data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/votget.c:644:9:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    if (access (lockfile, F_OK) == 0 && access (dot, F_OK) < 0) {
data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/votget.c:644:41:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    if (access (lockfile, F_OK) == 0 && access (dot, F_OK) < 0) {
data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/votget.c:648:16:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    } else if (access (lockfile, F_OK) == 0 && access (dot, F_OK) == 0) {
data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/votget.c:648:48:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    } else if (access (lockfile, F_OK) == 0 && access (dot, F_OK) == 0) {
data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/votget.c:652:16:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    } else if (access (lockfile, F_OK) < 0) {
data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/votget.c:662:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf (fname, "%s.%s", ofname, extn);
data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/votget.c:664:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy (fname, ofname);
data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/votget.c:727:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf (new, "%s.fits", fname);
data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/zz.c:255:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf (comment, "%s id attribute", meta);
data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/zz.c:264:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf (comment, "%s name attribute", meta);
data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/zz.c:274:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf (comment, "%s val attribute", meta);
data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/zz.c:284:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf (comment, "%s unit attribute", meta);
data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/zz.c:368:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    strcpy (cell, data[i * ncols + j]);
data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/zz.c:399:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    strcpy (cell, data[i * ncols + j]);
data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/zz.c:430:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    strcpy (cell, data[i * ncols + j]);
data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/zztest.c:55:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(col[i].name, name);
data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/zztest.c:58:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(col[i].ucd, ucd);
data/iraf-2.16.1+2018.11.01/vendor/libvotable/votAttr.c:84:17:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                strcpy (attr->name, name_m);
data/iraf-2.16.1+2018.11.01/vendor/libvotable/votAttr.c:89:17:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                strcpy (attr->name, name_m);
data/iraf-2.16.1+2018.11.01/vendor/libvotable/votAttr.c:159:25:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
                        strcat (out, attr->name);
data/iraf-2.16.1+2018.11.01/vendor/libvotable/votAttr.c:161:25:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
                        strcat (out, attr->value);
data/iraf-2.16.1+2018.11.01/vendor/libvotable/votElement.c:188:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf (XML_out, "</%s>", vot_elemName (e));
data/iraf-2.16.1+2018.11.01/vendor/libvotable/votElement.c:203:19:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
#define outstr(s)	strcat(XML_out,s);
data/iraf-2.16.1+2018.11.01/vendor/libvotable/votElement.c:282:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy (req_attr, ablock->req);
data/iraf-2.16.1+2018.11.01/vendor/libvotable/votParse.c:285:16:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    } else if (access (arg, R_OK) == 0) { 	   /* input from file 	*/ 
data/iraf-2.16.1+2018.11.01/vendor/libvotable/votParse.c:2136:17:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                strcpy (cname, atest);
data/iraf-2.16.1+2018.11.01/vendor/libvotable/votParse.c:2789:9:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    if (access (oname, F_OK) == 0)	/* remove an existing file	*/
data/iraf-2.16.1+2018.11.01/vendor/libvotable/votParse.c:2931:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy (extname, tname);
data/iraf-2.16.1+2018.11.01/vendor/libvotable/votParse.c:2997:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf (comment, "%s name attribute", meta);
data/iraf-2.16.1+2018.11.01/vendor/libvotable/votParse.c:3007:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf (comment, "%s val attribute", meta);
data/iraf-2.16.1+2018.11.01/vendor/libvotable/votParse.c:3017:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf (comment, "%s id attribute", meta);
data/iraf-2.16.1+2018.11.01/vendor/libvotable/votParse.c:3027:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf (comment, "%s unit attribute", meta);
data/iraf-2.16.1+2018.11.01/vendor/libvotable/votParse.c:3123:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    strcpy (cell, data[i * ncols + j]);
data/iraf-2.16.1+2018.11.01/vendor/libvotable/votParse.c:3153:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    strcpy (cell, data[i * ncols + j]);
data/iraf-2.16.1+2018.11.01/vendor/libvotable/votParse.c:3184:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    strcpy (cell, data[i * ncols + j]);
data/iraf-2.16.1+2018.11.01/vendor/libvotable/votParse.c:3214:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    strcpy (cell, data[i * ncols + j]);
data/iraf-2.16.1+2018.11.01/vendor/libvotable/votParse.c:3272:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf (cmd, 
data/iraf-2.16.1+2018.11.01/vendor/libvotable/votParse.c:3276:5:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    system (cmd);
data/iraf-2.16.1+2018.11.01/math/slalib/rtl_random.c:30:7:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
      srand(*iseed);
data/iraf-2.16.1+2018.11.01/noao/digiphot/apphot/lib/apphotdef.h:34:50:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
define	AP_SEQUENTIAL	Memi[$1+21]	# Sequential or random access
data/iraf-2.16.1+2018.11.01/pkg/dataio/fits/rfits.h:68:42:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
define	PCOUNT		Memi[$1+12]	  # Number of random parameters
data/iraf-2.16.1+2018.11.01/pkg/dataio/fits/wfits.h:101:34:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
define	KEY_PCOUNT	2		# Number of random parameter
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/host.c:39:14:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
extern	char *getenv(const char *);
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/host.c:305:16:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	    if ((ip = getenv("IRAFULIB")))
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/host.c:358:12:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	if ((ip = getenv("IRAFULIB")))
data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y2.c:220:17:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
    while ((c = getopt (argc, argv, "vVdltp:Q:Y:P:b:")) != EOF)
data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/getenv_.c:4:27:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
extern char *F77_aloc(), *getenv();
data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/getenv_.c:42:9:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
			ep = getenv(buf);
data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/getenv_.c:50:7:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	ep = getenv(fp);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/sysdep.c:203:18:  [3] (tmpfile) tmpnam:
  Temporary file race condition (CWE-377).
		if (!(tmpdir = tmpnam(tdbuf))) {
data/iraf-2.16.1+2018.11.01/unix/hlib/iraf32.h:157:9:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
define  getopt  xgtopt
data/iraf-2.16.1+2018.11.01/unix/hlib/iraf64.h:158:9:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
define  getopt  xgtopt
data/iraf-2.16.1+2018.11.01/unix/hlib/libc/libc.h:50:9:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
#define	getenv		envget
data/iraf-2.16.1+2018.11.01/unix/os/irafpath.c:88:19:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	if ( (irafarch = getenv("IRAFARCH")) ) {
data/iraf-2.16.1+2018.11.01/unix/os/tape.c:81:18:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
char	*gettok(), *getenv();
data/iraf-2.16.1+2018.11.01/unix/os/tape.c:196:35:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
		    if (!o_mtdev[0] && (token = getenv ("TAPE")))
data/iraf-2.16.1+2018.11.01/unix/os/zawset.c:41:15:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	int debug = (getenv(ENV_DEBUG) != NULL);
data/iraf-2.16.1+2018.11.01/unix/os/zawset.c:79:16:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	    if ( (s = getenv ("MAXWORKSET")) ) {
data/iraf-2.16.1+2018.11.01/unix/os/zfaloc.c:67:12:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	if ( (s = getenv ("ZFALOC")) ) {
data/iraf-2.16.1+2018.11.01/unix/os/zfiobf.c:487:34:  [3] (buffer) realpath:
  This function does not protect against buffer overflows, and some
  implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
  destination buffer is at least of size MAXPATHLEN, andto protect against
  implementation problems, the input argument should also be checked to
  ensure it is no larger than MAXPATHLEN.
	sprintf (buf, "access %s %s\n", realpath(fname,pathname), modestr);
data/iraf-2.16.1+2018.11.01/unix/os/zfiobf.c:557:31:  [3] (buffer) realpath:
  This function does not protect against buffer overflows, and some
  implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
  destination buffer is at least of size MAXPATHLEN, andto protect against
  implementation problems, the input argument should also be checked to
  ensure it is no larger than MAXPATHLEN.
	sprintf (buf, "delete %s\n", realpath(fname,pathname));
data/iraf-2.16.1+2018.11.01/unix/os/zfiobf.c:687:14:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	if ((argp = getenv (ENV_VMPORT)))
data/iraf-2.16.1+2018.11.01/unix/os/zfiobf.c:693:14:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	if ((argp = getenv (ENV_VMCLIENT))) {
data/iraf-2.16.1+2018.11.01/unix/os/zfioks.c:679:21:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	    if ((nretryp = getenv(KS_RETRY)))
data/iraf-2.16.1+2018.11.01/unix/os/zfioks.c:744:8:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
			if (getenv (KS_RETRY) && nretries--) {
data/iraf-2.16.1+2018.11.01/unix/os/zfioks.c:757:8:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
			if (getenv (KS_NO_RETRY) || ntries++) {
data/iraf-2.16.1+2018.11.01/unix/os/zfioks.c:793:21:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
		    rshcmd = (s = getenv(KSRSH)) ? s : RSH;
data/iraf-2.16.1+2018.11.01/unix/os/zfioks.c:1547:15:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	if ((authp = getenv(KSAUTH)) && (auth = atoi(authp)))
data/iraf-2.16.1+2018.11.01/unix/os/zgtenv.c:35:12:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	if ((ip = getenv ((char *)envvar)) == NULL)
data/iraf-2.16.1+2018.11.01/unix/os/zgtenv.c:93:10:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	return (getenv(envvar));
data/iraf-2.16.1+2018.11.01/unix/os/zgtenv.c:112:10:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	lpath = getenv("TMPDIR");
data/iraf-2.16.1+2018.11.01/unix/os/zgtenv.c:127:10:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	rpath = getenv("CPPFLAGS");
data/iraf-2.16.1+2018.11.01/unix/os/zgtenv.c:133:10:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	rpath = getenv("CFLAGS");
data/iraf-2.16.1+2018.11.01/unix/os/zgtenv.c:139:10:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	rpath = getenv("iraf");
data/iraf-2.16.1+2018.11.01/unix/os/zgtenv.c:152:10:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	rpath = getenv("LDFLAGS");
data/iraf-2.16.1+2018.11.01/unix/os/zgtime.c:35:28:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	char *source_date_epoch = getenv("SOURCE_DATE_EPOCH");
data/iraf-2.16.1+2018.11.01/unix/os/zmain.c:117:7:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
		if (getenv (LOGIPC)) {
data/iraf-2.16.1+2018.11.01/unix/os/zoscmd.c:61:22:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	} else if ((shell = getenv ("SHELL")) == NULL)
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrfile.c:202:20:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
            cptr = getenv("HOME");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrfile.c:328:12:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    cptr = getenv("HERA_DATA_DIRECTORY");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:780:11:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  proxy = getenv("http_proxy");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:1258:15:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
     verify = getenv("CFITSIO_VERIFY_HTTPS");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:3385:15:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if (NULL != getenv("ROOTUSERNAME")) {
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:3386:16:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if (strlen(getenv("ROOTUSERNAME")) > MAXLEN-1)
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:3391:19:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    strcpy(recbuf,getenv("ROOTUSERNAME"));
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:3418:15:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if (NULL != getenv("ROOTPASSWORD")) {
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:3419:16:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if (strlen(getenv("ROOTPASSWORD")) > MAXLEN-1)
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:3424:19:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    strcpy(recbuf,getenv("ROOTPASSWORD"));
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrsmem.c:180:21:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
   if (NULL != (p = getenv(SHARED_ENV_KEYBASE))) shared_kbase = atoi(p);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrsmem.c:185:21:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
   if (NULL != (p = getenv(SHARED_ENV_MAXSEG))) shared_maxseg = atoi(p);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_f.c:2608:22:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
   DEBUG_PIXFILTER = getenv("DEBUG_PIXFILTER") ? 1 : 0;
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/grparser.c:528:16:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
       envar = getenv("CFITSIO_INCLUDE_FILES");	/* scan env. variable, and retry to open */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/simplerng.c:62:3:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
  srand(seed);
data/iraf-2.16.1+2018.11.01/include/drvrsmem.h:85:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	      {	char	ID[2];		/* ID = 'JB', just as a checkpoint */
data/iraf-2.16.1+2018.11.01/lib/finfo.h:5:25:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
define	FI_SZOWNER	15		# char ownerid[FI_SZOWNER]
data/iraf-2.16.1+2018.11.01/lib/fio.h:44:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
			# (open)
data/iraf-2.16.1+2018.11.01/lib/fio.h:48:57:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
# Channel descriptor (stored in fd if file not multiply open).  The DEVPAR
data/iraf-2.16.1+2018.11.01/lib/fio.h:73:34:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
define	FF_KEEP		40B		# keep file open after task quits?
data/iraf-2.16.1+2018.11.01/lib/fio.h:120:28:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
define	STRING_FILE	(-1)		# open a string as a file
data/iraf-2.16.1+2018.11.01/lib/fmset.h:5:48:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
define	FM_FCACHESIZE		2	#RW number of files in open file cache
data/iraf-2.16.1+2018.11.01/lib/fset.h:24:41:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
define	F_FILEWAIT	18	#  is file wait on open enabled [y/n]
data/iraf-2.16.1+2018.11.01/lib/fset.h:36:30:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
define	F_OPEN		30	#r is file open
data/iraf-2.16.1+2018.11.01/lib/gio.h:125:43:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
define	GL_AXISLABELSIZE Memr[P2R($1+8)]	# char size of axis labels
data/iraf-2.16.1+2018.11.01/lib/gio.h:126:40:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
define	GL_AXISLABELCOLOR Memi[$1+9]		# char size of axis labels
data/iraf-2.16.1+2018.11.01/lib/gio.h:137:44:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
define	GL_TICKLABELSIZE Memr[P2R($1+20)]	# char size of tick labels
data/iraf-2.16.1+2018.11.01/lib/gio.h:138:41:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
define	GL_TICKLABELCOLOR Memi[$1+21]		# char size of tick labels
data/iraf-2.16.1+2018.11.01/lib/imset.h:17:34:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
define	IM_IMAGENAME	15	# name of open image section
data/iraf-2.16.1+2018.11.01/math/slalib/sla.c:443:39:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
void slaDd2tf ( int ndp, double days, char *sign, int ihmsf[4] ) {
data/iraf-2.16.1+2018.11.01/math/slalib/sla.c:469:34:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
slaDr2tf( int ndp, double angle, char * sign, int ihmsf[4] )  {
data/iraf-2.16.1+2018.11.01/math/slalib/sla.c:495:34:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
slaDr2af( int ndp, double angle, char * sign, int idmsf[4] )  {
data/iraf-2.16.1+2018.11.01/math/slalib/sla.c:1644:24:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
void slaDeuler ( const char *order, double phi, double theta, double psi,
data/iraf-2.16.1+2018.11.01/math/slalib/sla.c:2289:24:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
void slaPreces ( const char sys[3], double ep0, double ep1,
data/iraf-2.16.1+2018.11.01/math/slalib/slaTest.c:64:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char telname[41];
data/iraf-2.16.1+2018.11.01/math/slalib/slaTest.c:65:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char telshort[11];
data/iraf-2.16.1+2018.11.01/math/slalib/slaTest.c:94:31:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
  h = -1.0; w = 0.0; p = 0.0; strcpy( telshort, "unknown" );
data/iraf-2.16.1+2018.11.01/math/slalib/slalib.h:85:38:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
void slaCd2tf ( int ndp, float days, char *sign, int ihmsf[4] );
data/iraf-2.16.1+2018.11.01/math/slalib/slalib.h:93:39:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
void slaCr2af ( int ndp, float angle, char *sign, int idmsf[4] );
data/iraf-2.16.1+2018.11.01/math/slalib/slalib.h:95:39:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
void slaCr2tf ( int ndp, float angle, char *sign, int ihmsf[4] );
data/iraf-2.16.1+2018.11.01/math/slalib/slalib.h:129:39:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
void slaDd2tf ( int ndp, double days, char *sign, int ihmsf[4] );
data/iraf-2.16.1+2018.11.01/math/slalib/slalib.h:134:24:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
void slaDeuler ( const char *order, double phi, double theta, double psi,
data/iraf-2.16.1+2018.11.01/math/slalib/slalib.h:159:40:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
void slaDr2af ( int ndp, double angle, char *sign, int idmsf[4] );
data/iraf-2.16.1+2018.11.01/math/slalib/slalib.h:161:40:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
void slaDr2tf ( int ndp, double angle, char *sign, int ihmsf[4] );
data/iraf-2.16.1+2018.11.01/math/slalib/slalib.h:240:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
void slaEuler ( const char *order, float phi, float theta, float psi,
data/iraf-2.16.1+2018.11.01/math/slalib/slalib.h:338:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
void slaOapqk ( const char *type, double ob1, double ob2, double aoprms[14],
data/iraf-2.16.1+2018.11.01/math/slalib/slalib.h:393:24:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
void slaPreces ( const char sys[3], double ep0, double ep1,
data/iraf-2.16.1+2018.11.01/pkg/cl/binop.c:81:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	res[2*SZ_LINE];
data/iraf-2.16.1+2018.11.01/pkg/cl/binop.c:193:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		    char    *cp, format[MAX_DIGITS];
data/iraf-2.16.1+2018.11.01/pkg/cl/binop.c:203:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			newnum = atoi(cp) + (int)VALU(&o2);
data/iraf-2.16.1+2018.11.01/pkg/cl/binop.c:204:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf (format, "%%0%dd", strlen (cp));
data/iraf-2.16.1+2018.11.01/pkg/cl/binop.c:215:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf (cp, "%d", (int)VALU(&o2));
data/iraf-2.16.1+2018.11.01/pkg/cl/binop.c:224:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		    char s2[SZ_LINE];
data/iraf-2.16.1+2018.11.01/pkg/cl/binop.c:266:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf (res, "%r*", o2.o_val.v_i, lval);
data/iraf-2.16.1+2018.11.01/pkg/cl/bkg.c:76:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char	bkgmsg[SZ_BKGMSG+1];		/* passed to kernel		*/
data/iraf-2.16.1+2018.11.01/pkg/cl/bkg.c:91:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	b_cmd[SZ_CMD+1];	/* command entered by user	*/
data/iraf-2.16.1+2018.11.01/pkg/cl/bkg.c:129:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	clprocess[SZ_PATHNAME];
data/iraf-2.16.1+2018.11.01/pkg/cl/bkg.c:177:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char  buf[SZ_LINE];
data/iraf-2.16.1+2018.11.01/pkg/cl/bkg.c:178:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf (buf, "Start [%d]", jobno);
data/iraf-2.16.1+2018.11.01/pkg/cl/bkg.c:383:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char  buf[SZ_LINE];
data/iraf-2.16.1+2018.11.01/pkg/cl/bkg.c:384:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf (buf, "Stop [%d]", job);
data/iraf-2.16.1+2018.11.01/pkg/cl/bkg.c:398:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	bkg_query_file[SZ_PATHNAME];
data/iraf-2.16.1+2018.11.01/pkg/cl/bkg.c:399:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	query_response_file[SZ_PATHNAME];
data/iraf-2.16.1+2018.11.01/pkg/cl/bkg.c:415:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	bkg_query_file[SZ_PATHNAME];
data/iraf-2.16.1+2018.11.01/pkg/cl/bkg.c:416:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	query_response_file[SZ_PATHNAME];
data/iraf-2.16.1+2018.11.01/pkg/cl/builtin.c:67:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	devname[SZ_DEVNAME+1];
data/iraf-2.16.1+2018.11.01/pkg/cl/builtin.c:99:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	 owner[SZ_FNAME+1];
data/iraf-2.16.1+2018.11.01/pkg/cl/builtin.c:181:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	pfilename[SZ_PATHNAME];
data/iraf-2.16.1+2018.11.01/pkg/cl/builtin.c:238:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	buf[SZ_LINE];
data/iraf-2.16.1+2018.11.01/pkg/cl/builtin.c:424:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static	char cd_curr[SZ_PATHNAME];	/* current directory	*/
data/iraf-2.16.1+2018.11.01/pkg/cl/builtin.c:425:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static	char cd_prev[SZ_PATHNAME];	/* previous directory	*/
data/iraf-2.16.1+2018.11.01/pkg/cl/builtin.c:478:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	dirname[SZ_PATHNAME];
data/iraf-2.16.1+2018.11.01/pkg/cl/builtin.c:540:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    	char  buf[SZ_LINE];
data/iraf-2.16.1+2018.11.01/pkg/cl/builtin.c:543:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy (buf, "ERROR: ");
data/iraf-2.16.1+2018.11.01/pkg/cl/builtin.c:1047:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	outbuf[SZ_LINE];
data/iraf-2.16.1+2018.11.01/pkg/cl/builtin.c:1336:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	val[SZ_VALUE];
data/iraf-2.16.1+2018.11.01/pkg/cl/builtin.c:1367:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	sttycmd[2048], args[1024], *argp[100];
data/iraf-2.16.1+2018.11.01/pkg/cl/builtin.c:1515:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	oscmd[1024], args[1024], *argp[100], *ap;
data/iraf-2.16.1+2018.11.01/pkg/cl/builtin.c:1559:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		    char    osfn[SZ_PATHNAME+1];
data/iraf-2.16.1+2018.11.01/pkg/cl/builtin.c:1621:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char tmpfile[SZ_PATHNAME];
data/iraf-2.16.1+2018.11.01/pkg/cl/builtin.c:1621:8:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
		char tmpfile[SZ_PATHNAME];
data/iraf-2.16.1+2018.11.01/pkg/cl/builtin.c:1626:28:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
		if (!c_mktemp ("tmp$ft", tmpfile, SZ_PATHNAME))
data/iraf-2.16.1+2018.11.01/pkg/cl/builtin.c:1627:7:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		    strcpy (tmpfile, "tmp$ft.out");
data/iraf-2.16.1+2018.11.01/pkg/cl/builtin.c:1627:15:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
		    strcpy (tmpfile, "tmp$ft.out");
data/iraf-2.16.1+2018.11.01/pkg/cl/builtin.c:1628:23:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
		c_oscmd (oscmd, in, tmpfile, append_all ? tmpfile : err);
data/iraf-2.16.1+2018.11.01/pkg/cl/builtin.c:1628:45:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
		c_oscmd (oscmd, in, tmpfile, append_all ? tmpfile : err);
data/iraf-2.16.1+2018.11.01/pkg/cl/builtin.c:1633:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		if ((fp = fopen (tmpfile, "r")) != NULL &&
data/iraf-2.16.1+2018.11.01/pkg/cl/builtin.c:1633:20:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
		if ((fp = fopen (tmpfile, "r")) != NULL &&
data/iraf-2.16.1+2018.11.01/pkg/cl/builtin.c:1634:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
			(outfp = fopen (out, "a")) != NULL) {
data/iraf-2.16.1+2018.11.01/pkg/cl/builtin.c:1643:13:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
		c_delete (tmpfile);
data/iraf-2.16.1+2018.11.01/pkg/cl/builtin.c:1852:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	buf[SZ_LINE];
data/iraf-2.16.1+2018.11.01/pkg/cl/builtin.c:1913:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	oscmd[SZ_LINE], os_filelist[SZ_LINE];
data/iraf-2.16.1+2018.11.01/pkg/cl/builtin.c:1914:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	osfn[SZ_PATHNAME];
data/iraf-2.16.1+2018.11.01/pkg/cl/builtin.c:1957:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	device[SZ_FNAME+1];
data/iraf-2.16.1+2018.11.01/pkg/cl/builtin.c:1958:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	owner[SZ_FNAME+1];
data/iraf-2.16.1+2018.11.01/pkg/cl/builtin.c:2021:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	device[SZ_FNAME+1];
data/iraf-2.16.1+2018.11.01/pkg/cl/builtin.c:2022:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	owner[SZ_FNAME+1];
data/iraf-2.16.1+2018.11.01/pkg/cl/builtin.c:2083:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	device[SZ_FNAME+1];
data/iraf-2.16.1+2018.11.01/pkg/cl/clprintf.c:119:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	buf[SZ_LINE];
data/iraf-2.16.1+2018.11.01/pkg/cl/clsystem.c:24:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	outfile[SZ_PATHNAME], errfile[SZ_PATHNAME];
data/iraf-2.16.1+2018.11.01/pkg/cl/clsystem.c:54:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	    if ((fp = fopen (outfile, "r")) != NULL) {
data/iraf-2.16.1+2018.11.01/pkg/cl/clsystem.c:62:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	    if ((fp = fopen (errfile, "r")) != NULL) {
data/iraf-2.16.1+2018.11.01/pkg/cl/debug.c:349:19:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	while ((fp[fn] = fopen (fname, "r")) != NULL) {
data/iraf-2.16.1+2018.11.01/pkg/cl/debug.c:411:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char lbuf[SZ_COMMAND], obuf[SZ_COMMAND];
data/iraf-2.16.1+2018.11.01/pkg/cl/decl.c:755:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	*p, buf[PF_MAXLIN+1];
data/iraf-2.16.1+2018.11.01/pkg/cl/decl.c:797:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	*p, buf[PF_MAXLIN+1];
data/iraf-2.16.1+2018.11.01/pkg/cl/edcap.c:41:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static	char ed_editorcmd[SZ_LINE+1];
data/iraf-2.16.1+2018.11.01/pkg/cl/edcap.c:51:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char 	editor[SZ_FNAME];	/* the name of the editor	 */
data/iraf-2.16.1+2018.11.01/pkg/cl/edcap.c:114:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	string[SZ_LINE];/* an edcap string from the .ed file	*/
data/iraf-2.16.1+2018.11.01/pkg/cl/edcap.c:115:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	label[SZ_LINE];	/* the key-sequence label (keyword)	*/
data/iraf-2.16.1+2018.11.01/pkg/cl/edcap.c:116:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	escape[SZ_LINE];/* the escape sequence in c octal	*/
data/iraf-2.16.1+2018.11.01/pkg/cl/edcap.c:117:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	name[SZ_LINE];	/* the keystroke name, for HELP		*/
data/iraf-2.16.1+2018.11.01/pkg/cl/edcap.c:118:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	fname[SZ_PATHNAME];
data/iraf-2.16.1+2018.11.01/pkg/cl/edcap.c:124:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fp = fopen (fname, "r");
data/iraf-2.16.1+2018.11.01/pkg/cl/edcap.c:128:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	    fp = fopen (fname, "r");
data/iraf-2.16.1+2018.11.01/pkg/cl/edcap.c:288:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	cmd_string[9];
data/iraf-2.16.1+2018.11.01/pkg/cl/edcap.c:337:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	sbuf[MAX_COMMANDS*COLWIDTH];
data/iraf-2.16.1+2018.11.01/pkg/cl/edcap.c:338:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	*strp[MAX_COMMANDS];
data/iraf-2.16.1+2018.11.01/pkg/cl/edcap.c:357:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf (strp[nstrs], "%8w%-10.10s = %-11.11s%2w",
data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:55:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static  char  	dbg[SZ_LINE];	   		   /* for formatting msgs */
data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:81:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static	char e_nextpset[SZ_FNAME+1];	/* next pset to be edited	      */
data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:107:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char    newpset[SZ_FNAME+1];
data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:108:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	runcmd[SZ_LINE+1];
data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:197:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	string[G_MAXSTRING];
data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:370:10:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	        sprintf (dbg, "parmlist: %d %d %d  ", 
data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:374:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf (dbg, " maxpage = %d  ", maxpage);
data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:377:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf (dbg, "topkeys : %d  ", topkeys[i]);
data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:380:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf (dbg, "numkeys = %d  ", numkeys);
data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:411:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	outbuf[MAXPROMPT];
data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:443:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		    sprintf (outbuf, "(%-7.7s) ", parmlist[keyid]->p_name);
data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:445:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		    sprintf (outbuf, "%-8.8s  ", parmlist[keyid]->p_name);
data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:490:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	string[SZ_LINE+1];
data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:553:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	valuebuf[MAXPROMPT];
data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:554:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	tempbuf[MAXPROMPT];
data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:575:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf (tempbuf, "(%-7.7s=", parmlist[keyid]->p_name);
data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:577:10:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	        sprintf (tempbuf, "%-8.8s=", parmlist[keyid]->p_name);
data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:637:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char valuebuf[G_MAXSTRING];
data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:638:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char colbuf[16];
data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:661:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		    sprintf (colbuf,"       ***");
data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:668:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf (colbuf, "%10g ", o.o_val.v_r);
data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:674:8:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		    	sprintf (colbuf, "%10.10s ", valuebuf);
data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:707:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char message[SZ_LINE+1];/* error message string			  */
data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:721:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char    outstring[G_MAXSTRING];
data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:762:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf (message, "Expected %d elements on this line",numonrow);
data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:805:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static	char	message[SZ_LINE];	/* used by e_rpterror and e_clrerror */
data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:994:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static	char *firstchr[MAX_COMMANDS]; /*array of character pointers */
data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:995:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static	char string[G_MAXSTRING];
data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:996:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	arglist[SZ_LINE+1];
data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:1142:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char    oldword[G_MAXSTRING];   /* save the deleted word            */
data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:1143:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char    oldline[G_MAXSTRING];	/* save the deleted line            */
data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:1144:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	tempstr[G_MAXSTRING];
data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:1595:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	buf[SZ_LINE+1], *pset;
data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:1801:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	errmsg[SZ_LINE+1], *errfmt, *errarg;
data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:1972:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf (dbg, "nextline=%d, nextkey=%d line=%d keys=%d", 
data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:2068:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	obuf[512];
data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:2142:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	lbuf[512], *line;
data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.h:41:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	e_pset[SZ_FNAME+1];	/* pset name (task or file)	*/
data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.h:99:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char escape[SZ_ESCAPE+1];
data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.h:100:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char keystroke[SZ_KEYSTROKE+1];
data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.h:104:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern char *cmdnames[MAX_COMMANDS];
data/iraf-2.16.1+2018.11.01/pkg/cl/exec.c:260:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	FILE	*fopen();
data/iraf-2.16.1+2018.11.01/pkg/cl/exec.c:353:26:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		    currentask->t_in = fopen ("dev$null", "r");
data/iraf-2.16.1+2018.11.01/pkg/cl/exec.c:377:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char nabuf[FAKEPARAMLEN];
data/iraf-2.16.1+2018.11.01/pkg/cl/exec.c:378:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf (nabuf, "$nargs,i,h,%d\n", pfp->pf_n);
data/iraf-2.16.1+2018.11.01/pkg/cl/exec.c:427:22:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	    newtask->t_in = fopen ("dev$null", "r");
data/iraf-2.16.1+2018.11.01/pkg/cl/exec.c:435:22:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	    newtask->t_in = fopen (newtask->t_ltp->lt_pname, "r");
data/iraf-2.16.1+2018.11.01/pkg/cl/exec.c:448:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char    startup_msg[SZ_STARTUPMSG+1];
data/iraf-2.16.1+2018.11.01/pkg/cl/exec.c:492:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    	char  logmsg[SZ_LINE];
data/iraf-2.16.1+2018.11.01/pkg/cl/exec.c:531:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	redir[20];
data/iraf-2.16.1+2018.11.01/pkg/cl/exec.c:552:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
		strcat (cmd, " < $");
data/iraf-2.16.1+2018.11.01/pkg/cl/exec.c:554:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
		strcat (cmd, " > $");
data/iraf-2.16.1+2018.11.01/pkg/cl/exec.c:556:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf (redir, " %d> $", STDERR);
data/iraf-2.16.1+2018.11.01/pkg/cl/exec.c:562:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf (redir, " %d> $", STDGRAPH);
data/iraf-2.16.1+2018.11.01/pkg/cl/exec.c:566:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf (redir, " %d> $", STDIMAGE);
data/iraf-2.16.1+2018.11.01/pkg/cl/exec.c:570:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf (redir, " %d> $", STDPLOT);
data/iraf-2.16.1+2018.11.01/pkg/cl/exec.c:603:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		    char   buf[SZ_LINE+1];
data/iraf-2.16.1+2018.11.01/pkg/cl/exec.c:604:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		    char   val[SZ_LINE+1];
data/iraf-2.16.1+2018.11.01/pkg/cl/exec.c:685:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static	char bin_path[SZ_PATHNAME+1], loc_path[SZ_PATHNAME+1];
data/iraf-2.16.1+2018.11.01/pkg/cl/exec.c:686:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	root[SZ_FNAME+1], root_path[SZ_PATHNAME+1];
data/iraf-2.16.1+2018.11.01/pkg/cl/exec.c:687:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	bindir[SZ_FNAME+1], *ip = NULL, *arch = NULL;
data/iraf-2.16.1+2018.11.01/pkg/cl/exec.c:688:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	bin_root[SZ_PATHNAME+1];
data/iraf-2.16.1+2018.11.01/pkg/cl/exec.c:1260:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	buf[128];
data/iraf-2.16.1+2018.11.01/pkg/cl/globals.c:110:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char	*cmdnames[MAX_COMMANDS] = {
data/iraf-2.16.1+2018.11.01/pkg/cl/gquery.c:41:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	buf[SZ_LINE];
data/iraf-2.16.1+2018.11.01/pkg/cl/gquery.c:153:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char  message[SZ_LINE];
data/iraf-2.16.1+2018.11.01/pkg/cl/gquery.c:159:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char   str[SZ_LINE];
data/iraf-2.16.1+2018.11.01/pkg/cl/gquery.c:164:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf (message, " (minimum=");
data/iraf-2.16.1+2018.11.01/pkg/cl/gquery.c:170:6:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	    strcat (message, ": maximum=");
data/iraf-2.16.1+2018.11.01/pkg/cl/gquery.c:191:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char  message[SZ_LINE];
data/iraf-2.16.1+2018.11.01/pkg/cl/gquery.c:194:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char    str[SZ_LINE];
data/iraf-2.16.1+2018.11.01/pkg/cl/gquery.c:197:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf (message, " choose: ");
data/iraf-2.16.1+2018.11.01/pkg/cl/gram.c:56:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern  char  cmdblk[SZ_CMDBLK+1]; /* current command block (in history.c) */
data/iraf-2.16.1+2018.11.01/pkg/cl/gram.c:191:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char sb[REALWIDTH];
data/iraf-2.16.1+2018.11.01/pkg/cl/gram.c:192:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf (sb, "%e", EPSILON);
data/iraf-2.16.1+2018.11.01/pkg/cl/gram.c:300:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	buf[SZ_LINE];
data/iraf-2.16.1+2018.11.01/pkg/cl/gram.c:310:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf (p, "%0.12s = ", pp->p_name);
data/iraf-2.16.1+2018.11.01/pkg/cl/gram.c:323:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char   ibuf[15]; /* Maximum length of an index range should
data/iraf-2.16.1+2018.11.01/pkg/cl/gram.c:339:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		    sprintf (ibuf, "%d:%d", amin, amax);
data/iraf-2.16.1+2018.11.01/pkg/cl/gram.c:341:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		    sprintf (ibuf, "%d", amax);
data/iraf-2.16.1+2018.11.01/pkg/cl/gram.c:441:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	buf[SZ_LINE+1];
data/iraf-2.16.1+2018.11.01/pkg/cl/gram.c:479:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	buf[4096], *list[MAXMENU];
data/iraf-2.16.1+2018.11.01/pkg/cl/gram.c:573:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	*pts[3];
data/iraf-2.16.1+2018.11.01/pkg/cl/gram.c:574:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static	char	buffer[SZ_LINE+1];
data/iraf-2.16.1+2018.11.01/pkg/cl/gram.c:748:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	sbuf[SZ_LINE+1];
data/iraf-2.16.1+2018.11.01/pkg/cl/gram.c:985:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static	char fname[SZ_PIPEFILENAME+1];
data/iraf-2.16.1+2018.11.01/pkg/cl/history.c:47:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char	raw_cmdblk[SZ_CMDBLK+1];/* saves raw command for history (for scripts)*/
data/iraf-2.16.1+2018.11.01/pkg/cl/history.c:48:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char	cmdblk[SZ_CMDBLK+1];	/* command block buffer			*/
data/iraf-2.16.1+2018.11.01/pkg/cl/history.c:54:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char	histbuf[SZ_HISTBUF+1];	/* history buffer			*/
data/iraf-2.16.1+2018.11.01/pkg/cl/history.c:174:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	raw_cmd[SZ_LINE+1];	/* buffer for raw command line	*/
data/iraf-2.16.1+2018.11.01/pkg/cl/history.c:175:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	new_cmd[SZ_CMDBLK+1];	/* temporary for processed cmd	*/
data/iraf-2.16.1+2018.11.01/pkg/cl/history.c:366:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	last_command_block[SZ_CMDBLK+1];
data/iraf-2.16.1+2018.11.01/pkg/cl/history.c:401:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		record = -atoi(ip++);
data/iraf-2.16.1+2018.11.01/pkg/cl/history.c:403:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		record = histnum - atoi(ip) + 1;
data/iraf-2.16.1+2018.11.01/pkg/cl/history.c:451:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	pattern[SZ_FNAME];
data/iraf-2.16.1+2018.11.01/pkg/cl/history.c:530:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	pattern[SZ_LINE+1], text[SZ_LINE+1];
data/iraf-2.16.1+2018.11.01/pkg/cl/history.c:632:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	cmdblk[SZ_CMDBLK+1], *argp[100];
data/iraf-2.16.1+2018.11.01/pkg/cl/history.c:910:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	*recptr[MAX_SHOWHIST];
data/iraf-2.16.1+2018.11.01/pkg/cl/history.c:911:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	cmdblk[SZ_CMDBLK+1];
data/iraf-2.16.1+2018.11.01/pkg/cl/history.c:982:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		if ((fp = fopen (logfile(), "a"))) {
data/iraf-2.16.1+2018.11.01/pkg/cl/history.c:1004:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((logfp = fopen (fname, "a")) == NULL) {
data/iraf-2.16.1+2018.11.01/pkg/cl/history.c:1028:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		if ((fp = fopen (fname, "a")) == NULL) {
data/iraf-2.16.1+2018.11.01/pkg/cl/history.c:1084:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static	char datebuf[64];
data/iraf-2.16.1+2018.11.01/pkg/cl/history.c:1112:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	msg[SZ_LOGBUF], job[5];
data/iraf-2.16.1+2018.11.01/pkg/cl/history.c:1124:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    	sprintf (job, "[%d] ", bkgno);
data/iraf-2.16.1+2018.11.01/pkg/cl/lexicon.c:219:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			    char   bkgmsg[SZ_LINE+1];
data/iraf-2.16.1+2018.11.01/pkg/cl/lexyy.c:721:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char yytext[YYLMAX];
data/iraf-2.16.1+2018.11.01/pkg/cl/lexyy.c:723:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char yysbuf[YYLMAX];
data/iraf-2.16.1+2018.11.01/pkg/cl/lists.c:57:31:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	    else if ((pp->p_listfp = fopen (filename, "r")) == NULL) {
data/iraf-2.16.1+2018.11.01/pkg/cl/main.c:350:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	alt_loginfile[SZ_PATHNAME];
data/iraf-2.16.1+2018.11.01/pkg/cl/main.c:351:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	clstartup[SZ_PATHNAME];
data/iraf-2.16.1+2018.11.01/pkg/cl/main.c:352:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	clprocess[SZ_PATHNAME];
data/iraf-2.16.1+2018.11.01/pkg/cl/main.c:471:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char global[SZ_LINE];
data/iraf-2.16.1+2018.11.01/pkg/cl/main.c:483:17:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
                strcpy (global, "/etc/iraf/login.cl");
data/iraf-2.16.1+2018.11.01/pkg/cl/main.c:525:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	logoutfile[SZ_PATHNAME];
data/iraf-2.16.1+2018.11.01/pkg/cl/main.c:531:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((fp = fopen (logoutfile, "r")) == NULL)
data/iraf-2.16.1+2018.11.01/pkg/cl/main.c:691:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	errmsg[SZ_LINE];
data/iraf-2.16.1+2018.11.01/pkg/cl/modes.c:271:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	buf[SZ_PROMPTBUF+1];
data/iraf-2.16.1+2018.11.01/pkg/cl/modes.c:300:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char	source[33];
data/iraf-2.16.1+2018.11.01/pkg/cl/modes.c:308:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
			strcpy (source, "stdgraph");
data/iraf-2.16.1+2018.11.01/pkg/cl/modes.c:311:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
			strcpy (source, "stdimage");
data/iraf-2.16.1+2018.11.01/pkg/cl/modes.c:333:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		    char    str[SZ_LINE+1], keystr[10];
data/iraf-2.16.1+2018.11.01/pkg/cl/modes.c:343:8:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			    sprintf (keystr, "%c", key);
data/iraf-2.16.1+2018.11.01/pkg/cl/modes.c:345:8:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			    sprintf (keystr, "\\%03o", key);
data/iraf-2.16.1+2018.11.01/pkg/cl/modes.c:548:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static	char	tbuf[SZ_LINE];
data/iraf-2.16.1+2018.11.01/pkg/cl/modes.c:633:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static	char	readbuf[SZ_LINE];
data/iraf-2.16.1+2018.11.01/pkg/cl/modes.c:765:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	bqfile[SZ_PATHNAME], qrfile[SZ_PATHNAME];
data/iraf-2.16.1+2018.11.01/pkg/cl/modes.c:779:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((fp = fopen (bqfile, "w")) == NULL)
data/iraf-2.16.1+2018.11.01/pkg/cl/modes.c:805:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((in = fopen (qrfile, "r")) == NULL)
data/iraf-2.16.1+2018.11.01/pkg/cl/modes.c:829:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	bqfile[SZ_PATHNAME], qrfile[SZ_PATHNAME];
data/iraf-2.16.1+2018.11.01/pkg/cl/modes.c:830:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	qrtemp[SZ_PATHNAME];
data/iraf-2.16.1+2018.11.01/pkg/cl/modes.c:831:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	response[SZ_LINE+1];
data/iraf-2.16.1+2018.11.01/pkg/cl/modes.c:840:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((fp = fopen (bqfile, "r")) == NULL)
data/iraf-2.16.1+2018.11.01/pkg/cl/modes.c:859:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((fp = fopen (qrtemp, "w")) == NULL)
data/iraf-2.16.1+2018.11.01/pkg/cl/opcodes.c:174:31:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	    if ((newtask->t_stdout = fopen (fname, mode)) == NULL)
data/iraf-2.16.1+2018.11.01/pkg/cl/opcodes.c:207:31:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	    if ((newtask->t_stderr = fopen (fname, mode)) == NULL)
data/iraf-2.16.1+2018.11.01/pkg/cl/opcodes.c:244:31:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	    if ((newtask->t_stdout = fopen (fname, mode)) == NULL)
data/iraf-2.16.1+2018.11.01/pkg/cl/opcodes.c:362:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	s1[1024+1];
data/iraf-2.16.1+2018.11.01/pkg/cl/opcodes.c:918:31:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	    if ((newtask->t_stdout = fopen (fname, mode)) == NULL)
data/iraf-2.16.1+2018.11.01/pkg/cl/opcodes.c:945:30:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	    if ((newtask->t_stdin = fopen (fname, mode)) == NULL)
data/iraf-2.16.1+2018.11.01/pkg/cl/opcodes.c:981:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((fp = fopen (fname, count > 1 ? "ab" : "wb")) == NULL)
data/iraf-2.16.1+2018.11.01/pkg/cl/opcodes.c:1096:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	format[SZ_LINE];
data/iraf-2.16.1+2018.11.01/pkg/cl/opcodes.c:1141:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	format[SZ_LINE];
data/iraf-2.16.1+2018.11.01/pkg/cl/opcodes.c:1142:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	pname[SZ_FNAME];
data/iraf-2.16.1+2018.11.01/pkg/cl/operand.c:60:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf (outstr, "%d", op->o_val.v_i);
data/iraf-2.16.1+2018.11.01/pkg/cl/operand.c:64:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf (outstr, "%g", op->o_val.v_r);
data/iraf-2.16.1+2018.11.01/pkg/cl/operand.c:111:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	outstr[MAXPROMPT+1], *out;
data/iraf-2.16.1+2018.11.01/pkg/cl/operand.c:112:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	newstr[SZ_LINE], *new;
data/iraf-2.16.1+2018.11.01/pkg/cl/operand.c:266:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char numstr[SZ_LINE];
data/iraf-2.16.1+2018.11.01/pkg/cl/operand.c:273:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf (numstr, "%d", o.o_val.v_i);
data/iraf-2.16.1+2018.11.01/pkg/cl/operand.c:277:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf (numstr, "%g", o.o_val.v_r);
data/iraf-2.16.1+2018.11.01/pkg/cl/operand.c:319:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	hexnum[MAX_DIGITS];
data/iraf-2.16.1+2018.11.01/pkg/cl/operand.c:370:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy (hexnum, "0x");
data/iraf-2.16.1+2018.11.01/pkg/cl/param.c:397:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	mode[5];	/* used to turn bits into string	*/
data/iraf-2.16.1+2018.11.01/pkg/cl/param.c:399:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	buf[20];	/* to stuff the expanded type in	*/
data/iraf-2.16.1+2018.11.01/pkg/cl/param.c:481:10:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	        strcpy (--bp, "struct");
data/iraf-2.16.1+2018.11.01/pkg/cl/param.c:483:10:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	        strcpy (--bp, "gcur");
data/iraf-2.16.1+2018.11.01/pkg/cl/param.c:485:10:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	        strcpy (--bp, "imcur");
data/iraf-2.16.1+2018.11.01/pkg/cl/param.c:487:10:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	        strcpy (--bp, "ukey");
data/iraf-2.16.1+2018.11.01/pkg/cl/param.c:489:10:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	        strcpy (--bp, "pset");
data/iraf-2.16.1+2018.11.01/pkg/cl/param.c:603:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char	redir[SZ_FNAME];
data/iraf-2.16.1+2018.11.01/pkg/cl/param.c:779:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	sbuf[SZ_LINE];
data/iraf-2.16.1+2018.11.01/pkg/cl/param.c:800:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	sbuf[SZ_LINE];
data/iraf-2.16.1+2018.11.01/pkg/cl/param.c:968:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	buf[20];
data/iraf-2.16.1+2018.11.01/pkg/cl/param.c:1026:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy (--bp, "struct");
data/iraf-2.16.1+2018.11.01/pkg/cl/param.c:1028:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy (--bp, "gcur");
data/iraf-2.16.1+2018.11.01/pkg/cl/param.c:1030:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy (--bp, "imcur");
data/iraf-2.16.1+2018.11.01/pkg/cl/param.c:1032:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy (--bp, "ukey");
data/iraf-2.16.1+2018.11.01/pkg/cl/param.c:1034:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy (--bp, "pset");
data/iraf-2.16.1+2018.11.01/pkg/cl/param.c:1306:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf (pp->p_name, "$%d", pos);
data/iraf-2.16.1+2018.11.01/pkg/cl/param.h:171:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	pf_pfilename[SZ_FNAME+1];	/* file to be updated	*/
data/iraf-2.16.1+2018.11.01/pkg/cl/pfiles.c:163:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	usr_pfile[SZ_FNAME+1];
data/iraf-2.16.1+2018.11.01/pkg/cl/pfiles.c:164:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	pkg_pfile[SZ_FNAME+1];
data/iraf-2.16.1+2018.11.01/pkg/cl/pfiles.c:165:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	pkgdir[SZ_FNAME+1];
data/iraf-2.16.1+2018.11.01/pkg/cl/pfiles.c:301:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		    if ((fp = fopen (pkg_pfile, "r")) != NULL) {
data/iraf-2.16.1+2018.11.01/pkg/cl/pfiles.c:460:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	buf[SZ_LINE+1];
data/iraf-2.16.1+2018.11.01/pkg/cl/pfiles.c:471:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((fp = fopen (pfilename, "r")) == NULL)
data/iraf-2.16.1+2018.11.01/pkg/cl/pfiles.c:604:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	pfname[SZ_PATHNAME+1];
data/iraf-2.16.1+2018.11.01/pkg/cl/pfiles.c:617:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy (dot ? dot : op, ".par");
data/iraf-2.16.1+2018.11.01/pkg/cl/pfiles.c:633:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((fp = fopen (pfname, "w")) == NULL)
data/iraf-2.16.1+2018.11.01/pkg/cl/pfiles.c:674:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	pfilename[SZ_FNAME];	/* user pfile			*/
data/iraf-2.16.1+2018.11.01/pkg/cl/pfiles.c:675:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	pkgdir[SZ_FNAME+1];
data/iraf-2.16.1+2018.11.01/pkg/cl/pfiles.c:764:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	temp[SZ_FNAME+1];
data/iraf-2.16.1+2018.11.01/pkg/cl/pfiles.c:1277:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		len = atoi (s);
data/iraf-2.16.1+2018.11.01/pkg/cl/pfiles.c:1291:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char initbuf[SZ_LINE];
data/iraf-2.16.1+2018.11.01/pkg/cl/pfiles.c:1580:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		    *(pp->p_aval.a_i + i) = atoi(s);
data/iraf-2.16.1+2018.11.01/pkg/cl/pfiles.c:1625:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	*val = atoi(str);
data/iraf-2.16.1+2018.11.01/pkg/cl/pfiles.c:1651:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char readbuf[SZ_LINE];
data/iraf-2.16.1+2018.11.01/pkg/cl/pfiles.c:1653:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	buf[SZ_LINE];	/* working scratch buffer		*/
data/iraf-2.16.1+2018.11.01/pkg/cl/pfiles.c:1843:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	strings[4][25];
data/iraf-2.16.1+2018.11.01/pkg/cl/prcache.c:77:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	pr_name[SZ_PATHNAME+1];	/* filename of process		*/
data/iraf-2.16.1+2018.11.01/pkg/cl/prcache.c:307:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	pname[MAXSUBPROC][SZ_PATHNAME+1];
data/iraf-2.16.1+2018.11.01/pkg/cl/prcache.c:448:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char	nodename[SZ_FNAME+1];
data/iraf-2.16.1+2018.11.01/pkg/cl/prcache.c:449:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char	out[100];
data/iraf-2.16.1+2018.11.01/pkg/cl/scan.c:60:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	buf[SZ_LINE];
data/iraf-2.16.1+2018.11.01/pkg/cl/scan.c:210:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	buf[SZ_LINE];
data/iraf-2.16.1+2018.11.01/pkg/cl/scan.c:211:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	*v[MAXARGS];
data/iraf-2.16.1+2018.11.01/pkg/cl/task.c:341:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	buf[SZ_LINE];
data/iraf-2.16.1+2018.11.01/pkg/cl/unop.c:45:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	fname[SZ_PATHNAME];
data/iraf-2.16.1+2018.11.01/pkg/cl/unop.c:46:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	ch, sbuf[SZ_LINE];
data/iraf-2.16.1+2018.11.01/pkg/cl/ytab.c:242:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char	curr_param[SZ_FNAME];	/* Parameter name of ref's		*/
data/iraf-2.16.1+2018.11.01/pkg/cl/ytab.c:243:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char	curr_task[SZ_FNAME];	/* ltaskname of command 		*/
data/iraf-2.16.1+2018.11.01/pkg/cl/ytab.c:281:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern	char	cmdblk[SZ_CMDBLK+1];	/* Command buffer in history.c */
data/iraf-2.16.1+2018.11.01/pkg/cl/ytab.c:1640:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM];
data/iraf-2.16.1+2018.11.01/pkg/cl/ytab.c:1657:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char yyformat[sizeof yyunexpected
data/iraf-2.16.1+2018.11.01/pkg/cl/ytab.c:1825:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char yymsgbuf[128];
data/iraf-2.16.1+2018.11.01/pkg/cl/ytab.c:3351:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			    char    pname[SZ_FNAME];
data/iraf-2.16.1+2018.11.01/pkg/ecl/binop.c:82:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	res[2*SZ_LINE];
data/iraf-2.16.1+2018.11.01/pkg/ecl/binop.c:236:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		    char    *cp, format[MAX_DIGITS];
data/iraf-2.16.1+2018.11.01/pkg/ecl/binop.c:246:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			newnum = atoi(cp) + (int)VALU(&o2);
data/iraf-2.16.1+2018.11.01/pkg/ecl/binop.c:247:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf (format, "%%0%dd", strlen (cp));
data/iraf-2.16.1+2018.11.01/pkg/ecl/binop.c:258:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf (cp, "%d", (int)VALU(&o2));
data/iraf-2.16.1+2018.11.01/pkg/ecl/binop.c:267:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		    char s2[SZ_LINE];
data/iraf-2.16.1+2018.11.01/pkg/ecl/binop.c:308:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf (res, "%r*", o2.o_val.v_i, lval);
data/iraf-2.16.1+2018.11.01/pkg/ecl/bkg.c:76:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char	bkgmsg[SZ_BKGMSG+1];		/* passed to kernel		*/
data/iraf-2.16.1+2018.11.01/pkg/ecl/bkg.c:91:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	b_cmd[SZ_CMD+1];	/* command entered by user	*/
data/iraf-2.16.1+2018.11.01/pkg/ecl/bkg.c:130:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	clprocess[SZ_PATHNAME];
data/iraf-2.16.1+2018.11.01/pkg/ecl/bkg.c:179:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char  buf[SZ_LINE];
data/iraf-2.16.1+2018.11.01/pkg/ecl/bkg.c:180:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf (buf, "Start [%d]", jobno);
data/iraf-2.16.1+2018.11.01/pkg/ecl/bkg.c:378:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char  buf[SZ_LINE];
data/iraf-2.16.1+2018.11.01/pkg/ecl/bkg.c:379:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf (buf, "Stop [%d]", job);
data/iraf-2.16.1+2018.11.01/pkg/ecl/bkg.c:391:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	bkg_query_file[SZ_PATHNAME];
data/iraf-2.16.1+2018.11.01/pkg/ecl/bkg.c:392:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	query_response_file[SZ_PATHNAME];
data/iraf-2.16.1+2018.11.01/pkg/ecl/bkg.c:406:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	bkg_query_file[SZ_PATHNAME];
data/iraf-2.16.1+2018.11.01/pkg/ecl/bkg.c:407:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	query_response_file[SZ_PATHNAME];
data/iraf-2.16.1+2018.11.01/pkg/ecl/builtin.c:72:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	devname[SZ_DEVNAME+1];
data/iraf-2.16.1+2018.11.01/pkg/ecl/builtin.c:104:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	 owner[SZ_FNAME+1];
data/iraf-2.16.1+2018.11.01/pkg/ecl/builtin.c:187:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	pfilename[SZ_PATHNAME];
data/iraf-2.16.1+2018.11.01/pkg/ecl/builtin.c:241:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	buf[SZ_LINE];
data/iraf-2.16.1+2018.11.01/pkg/ecl/builtin.c:451:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static	char cd_curr[SZ_PATHNAME];	/* current directory	*/
data/iraf-2.16.1+2018.11.01/pkg/ecl/builtin.c:452:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static	char cd_prev[SZ_PATHNAME];	/* previous directory	*/
data/iraf-2.16.1+2018.11.01/pkg/ecl/builtin.c:505:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	dirname[SZ_PATHNAME];
data/iraf-2.16.1+2018.11.01/pkg/ecl/builtin.c:588:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    	char  buf[SZ_LINE];
data/iraf-2.16.1+2018.11.01/pkg/ecl/builtin.c:591:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy (buf, "ERROR: ");
data/iraf-2.16.1+2018.11.01/pkg/ecl/builtin.c:637:17:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
                strcpy (errcom.script, "CL");
data/iraf-2.16.1+2018.11.01/pkg/ecl/builtin.c:1152:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	outbuf[SZ_LINE];
data/iraf-2.16.1+2018.11.01/pkg/ecl/builtin.c:1445:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	val[SZ_VALUE];
data/iraf-2.16.1+2018.11.01/pkg/ecl/builtin.c:1476:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	sttycmd[2048], args[1024], *argp[100];
data/iraf-2.16.1+2018.11.01/pkg/ecl/builtin.c:1622:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	oscmd[1024], args[1024], *argp[100], *ap;
data/iraf-2.16.1+2018.11.01/pkg/ecl/builtin.c:1666:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		    char    osfn[SZ_PATHNAME+1];
data/iraf-2.16.1+2018.11.01/pkg/ecl/builtin.c:1727:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char tmpfile[SZ_PATHNAME];
data/iraf-2.16.1+2018.11.01/pkg/ecl/builtin.c:1727:8:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
		char tmpfile[SZ_PATHNAME];
data/iraf-2.16.1+2018.11.01/pkg/ecl/builtin.c:1732:28:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
		if (!c_mktemp ("tmp$ft", tmpfile, SZ_PATHNAME))
data/iraf-2.16.1+2018.11.01/pkg/ecl/builtin.c:1733:7:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		    strcpy (tmpfile, "tmp$ft.out");
data/iraf-2.16.1+2018.11.01/pkg/ecl/builtin.c:1733:15:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
		    strcpy (tmpfile, "tmp$ft.out");
data/iraf-2.16.1+2018.11.01/pkg/ecl/builtin.c:1734:23:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
		c_oscmd (oscmd, in, tmpfile, append_all ? tmpfile : err);
data/iraf-2.16.1+2018.11.01/pkg/ecl/builtin.c:1734:45:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
		c_oscmd (oscmd, in, tmpfile, append_all ? tmpfile : err);
data/iraf-2.16.1+2018.11.01/pkg/ecl/builtin.c:1739:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		if ((fp = fopen (tmpfile, "r")) != NULL &&
data/iraf-2.16.1+2018.11.01/pkg/ecl/builtin.c:1739:20:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
		if ((fp = fopen (tmpfile, "r")) != NULL &&
data/iraf-2.16.1+2018.11.01/pkg/ecl/builtin.c:1740:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
			(outfp = fopen (out, "a")) != NULL) {
data/iraf-2.16.1+2018.11.01/pkg/ecl/builtin.c:1749:13:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
		c_delete (tmpfile);
data/iraf-2.16.1+2018.11.01/pkg/ecl/builtin.c:1957:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	buf[SZ_LINE];
data/iraf-2.16.1+2018.11.01/pkg/ecl/builtin.c:2018:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	oscmd[SZ_LINE], os_filelist[SZ_LINE];
data/iraf-2.16.1+2018.11.01/pkg/ecl/builtin.c:2019:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	osfn[SZ_PATHNAME];
data/iraf-2.16.1+2018.11.01/pkg/ecl/builtin.c:2062:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	device[SZ_FNAME+1];
data/iraf-2.16.1+2018.11.01/pkg/ecl/builtin.c:2063:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	owner[SZ_FNAME+1];
data/iraf-2.16.1+2018.11.01/pkg/ecl/builtin.c:2126:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	device[SZ_FNAME+1];
data/iraf-2.16.1+2018.11.01/pkg/ecl/builtin.c:2127:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	owner[SZ_FNAME+1];
data/iraf-2.16.1+2018.11.01/pkg/ecl/builtin.c:2188:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	device[SZ_FNAME+1];
data/iraf-2.16.1+2018.11.01/pkg/ecl/builtin.c:2250:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static  char handler[SZ_FNAME+1];
data/iraf-2.16.1+2018.11.01/pkg/ecl/clprintf.c:119:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	buf[SZ_LINE];
data/iraf-2.16.1+2018.11.01/pkg/ecl/clsystem.c:23:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	outfile[SZ_PATHNAME], errfile[SZ_PATHNAME];
data/iraf-2.16.1+2018.11.01/pkg/ecl/clsystem.c:53:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	    if ((fp = fopen (outfile, "r")) != NULL) {
data/iraf-2.16.1+2018.11.01/pkg/ecl/clsystem.c:61:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	    if ((fp = fopen (errfile, "r")) != NULL) {
data/iraf-2.16.1+2018.11.01/pkg/ecl/debug.c:374:19:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	while ((fp[fn] = fopen (fname, "r")) != NULL) {
data/iraf-2.16.1+2018.11.01/pkg/ecl/debug.c:431:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char lbuf[SZ_COMMAND], obuf[SZ_COMMAND];
data/iraf-2.16.1+2018.11.01/pkg/ecl/decl.c:755:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	*p, buf[PF_MAXLIN+1];
data/iraf-2.16.1+2018.11.01/pkg/ecl/decl.c:805:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	*p, buf[PF_MAXLIN+1];
data/iraf-2.16.1+2018.11.01/pkg/ecl/edcap.c:41:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static	char ed_editorcmd[SZ_LINE+1];
data/iraf-2.16.1+2018.11.01/pkg/ecl/edcap.c:51:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char 	editor[SZ_FNAME];	/* the name of the editor	 */
data/iraf-2.16.1+2018.11.01/pkg/ecl/edcap.c:114:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	string[SZ_LINE];/* an edcap string from the .ed file	*/
data/iraf-2.16.1+2018.11.01/pkg/ecl/edcap.c:115:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	label[SZ_LINE];	/* the key-sequence label (keyword)	*/
data/iraf-2.16.1+2018.11.01/pkg/ecl/edcap.c:116:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	escape[SZ_LINE];/* the escape sequence in c octal	*/
data/iraf-2.16.1+2018.11.01/pkg/ecl/edcap.c:117:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	name[SZ_LINE];	/* the keystroke name, for HELP		*/
data/iraf-2.16.1+2018.11.01/pkg/ecl/edcap.c:118:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	fname[SZ_PATHNAME];
data/iraf-2.16.1+2018.11.01/pkg/ecl/edcap.c:124:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fp = fopen (fname, "r");
data/iraf-2.16.1+2018.11.01/pkg/ecl/edcap.c:128:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	    fp = fopen (fname, "r");
data/iraf-2.16.1+2018.11.01/pkg/ecl/edcap.c:288:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	cmd_string[9];
data/iraf-2.16.1+2018.11.01/pkg/ecl/edcap.c:337:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	sbuf[MAX_COMMANDS*COLWIDTH];
data/iraf-2.16.1+2018.11.01/pkg/ecl/edcap.c:338:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	*strp[MAX_COMMANDS];
data/iraf-2.16.1+2018.11.01/pkg/ecl/edcap.c:356:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf (strp[nstrs], "%8w%-10.10s = %-11.11s%2w",
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:55:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static  char  	dbg[SZ_LINE];	   		   /* for formatting msgs */
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:81:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static	char e_nextpset[SZ_FNAME+1];	/* next pset to be edited	      */
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:101:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char	epar_cmdbuf[SZ_LINE];
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:116:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char    newpset[SZ_FNAME+1];
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:117:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	runcmd[SZ_LINE+1];
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:209:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	string[G_MAXSTRING];
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:382:10:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	        sprintf (dbg, "parmlist: %d %d %d  ", 
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:386:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf (dbg, " maxpage = %d  ", maxpage);
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:389:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf (dbg, "topkeys : %d  ", topkeys[i]);
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:392:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf (dbg, "numkeys = %d  ", numkeys);
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:423:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	outbuf[MAXPROMPT];
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:455:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		    sprintf (outbuf, "(%-7.7s) ", parmlist[keyid]->p_name);
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:457:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		    sprintf (outbuf, "%-8.8s  ", parmlist[keyid]->p_name);
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:502:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	string[SZ_LINE+1];
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:565:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	valuebuf[MAXPROMPT];
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:566:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	tempbuf[MAXPROMPT];
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:587:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf (tempbuf, "(%-7.7s=", parmlist[keyid]->p_name);
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:589:10:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	        sprintf (tempbuf, "%-8.8s=", parmlist[keyid]->p_name);
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:649:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char valuebuf[G_MAXSTRING];
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:650:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char colbuf[16];
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:673:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		    sprintf (colbuf,"       ***");
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:680:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf (colbuf, "%10g ", o.o_val.v_r);
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:686:8:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		    	sprintf (colbuf, "%10.10s ", valuebuf);
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:719:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char message[SZ_LINE+1];/* error message string			  */
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:733:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char    outstring[G_MAXSTRING];
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:774:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf (message, "Expected %d elements on this line",numonrow);
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:817:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static	char	message[SZ_LINE];	/* used by e_rpterror and e_clrerror */
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:1006:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static	char *firstchr[MAX_COMMANDS]; /*array of character pointers */
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:1007:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static	char string[G_MAXSTRING];
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:1008:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	arglist[SZ_LINE+1];
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:1154:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char    oldword[G_MAXSTRING];   /* save the deleted word            */
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:1155:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char    oldline[G_MAXSTRING];	/* save the deleted line            */
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:1156:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	tempstr[G_MAXSTRING];
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:1607:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	buf[SZ_LINE+1], *pset;
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:1813:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	errmsg[SZ_LINE+1], *errfmt, *errarg;
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:1984:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf (dbg, "nextline=%d, nextkey=%d line=%d keys=%d", 
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:2080:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	obuf[512];
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:2154:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	lbuf[512], *line;
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.h:41:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	e_pset[SZ_FNAME+1];	/* pset name (task or file)	*/
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.h:99:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char escape[SZ_ESCAPE+1];
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.h:100:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char keystroke[SZ_KEYSTROKE+1];
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.h:104:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern char *cmdnames[MAX_COMMANDS];
data/iraf-2.16.1+2018.11.01/pkg/ecl/errs.c:352:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char opt[SZ_LINE];
data/iraf-2.16.1+2018.11.01/pkg/ecl/errs.h:26:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char errmsg[SZ_LINE+1];     /* error message string                 */
data/iraf-2.16.1+2018.11.01/pkg/ecl/errs.h:27:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char task[SZ_FNAME+1];      /* task posting the error               */
data/iraf-2.16.1+2018.11.01/pkg/ecl/errs.h:28:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char script[SZ_FNAME+1];    /* script calling task			*/
data/iraf-2.16.1+2018.11.01/pkg/ecl/exec.c:301:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	FILE	*fopen();
data/iraf-2.16.1+2018.11.01/pkg/ecl/exec.c:397:26:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		    currentask->t_in = fopen ("dev$null", "r");
data/iraf-2.16.1+2018.11.01/pkg/ecl/exec.c:421:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char nabuf[FAKEPARAMLEN];
data/iraf-2.16.1+2018.11.01/pkg/ecl/exec.c:422:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf (nabuf, "$nargs,i,h,%d\n", pfp->pf_n);
data/iraf-2.16.1+2018.11.01/pkg/ecl/exec.c:471:22:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	    newtask->t_in = fopen ("dev$null", "r");
data/iraf-2.16.1+2018.11.01/pkg/ecl/exec.c:480:22:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	    newtask->t_in = fopen (newtask->t_ltp->lt_pname, "r");
data/iraf-2.16.1+2018.11.01/pkg/ecl/exec.c:493:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char    startup_msg[SZ_STARTUPMSG+1];
data/iraf-2.16.1+2018.11.01/pkg/ecl/exec.c:537:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    	char  logmsg[SZ_LINE];
data/iraf-2.16.1+2018.11.01/pkg/ecl/exec.c:576:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	redir[20];
data/iraf-2.16.1+2018.11.01/pkg/ecl/exec.c:597:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
		strcat (cmd, " < $");
data/iraf-2.16.1+2018.11.01/pkg/ecl/exec.c:599:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
		strcat (cmd, " > $");
data/iraf-2.16.1+2018.11.01/pkg/ecl/exec.c:601:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf (redir, " %d> $", STDERR);
data/iraf-2.16.1+2018.11.01/pkg/ecl/exec.c:607:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf (redir, " %d> $", STDGRAPH);
data/iraf-2.16.1+2018.11.01/pkg/ecl/exec.c:611:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf (redir, " %d> $", STDIMAGE);
data/iraf-2.16.1+2018.11.01/pkg/ecl/exec.c:615:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf (redir, " %d> $", STDPLOT);
data/iraf-2.16.1+2018.11.01/pkg/ecl/exec.c:648:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		    char   buf[SZ_LINE+1];
data/iraf-2.16.1+2018.11.01/pkg/ecl/exec.c:649:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		    char   val[SZ_LINE+1];
data/iraf-2.16.1+2018.11.01/pkg/ecl/exec.c:730:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static	char bin_path[SZ_PATHNAME+1], loc_path[SZ_PATHNAME+1];
data/iraf-2.16.1+2018.11.01/pkg/ecl/exec.c:731:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	root[SZ_FNAME+1], root_path[SZ_PATHNAME+1];
data/iraf-2.16.1+2018.11.01/pkg/ecl/exec.c:732:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	bindir[SZ_FNAME+1], *ip = NULL, *arch = NULL;
data/iraf-2.16.1+2018.11.01/pkg/ecl/exec.c:733:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	bin_root[SZ_PATHNAME+1];
data/iraf-2.16.1+2018.11.01/pkg/ecl/exec.c:1328:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char 	buf[SZ_LINE+1];
data/iraf-2.16.1+2018.11.01/pkg/ecl/exec.c:1335:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	    fp = fopen (fname, "r");		/* open the script 	*/
data/iraf-2.16.1+2018.11.01/pkg/ecl/exec.c:1378:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	buf[128];
data/iraf-2.16.1+2018.11.01/pkg/ecl/globals.c:108:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char	*cmdnames[MAX_COMMANDS] = {
data/iraf-2.16.1+2018.11.01/pkg/ecl/gquery.c:38:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	buf[SZ_LINE];
data/iraf-2.16.1+2018.11.01/pkg/ecl/gquery.c:148:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char  message[SZ_LINE];
data/iraf-2.16.1+2018.11.01/pkg/ecl/gquery.c:154:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char   str[SZ_LINE];
data/iraf-2.16.1+2018.11.01/pkg/ecl/gquery.c:159:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf (message, " (minimum=");
data/iraf-2.16.1+2018.11.01/pkg/ecl/gquery.c:165:6:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	    strcat (message, ": maximum=");
data/iraf-2.16.1+2018.11.01/pkg/ecl/gquery.c:184:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char  message[SZ_LINE];
data/iraf-2.16.1+2018.11.01/pkg/ecl/gquery.c:187:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char    str[SZ_LINE];
data/iraf-2.16.1+2018.11.01/pkg/ecl/gquery.c:190:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf (message, " choose: ");
data/iraf-2.16.1+2018.11.01/pkg/ecl/gram.c:114:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern  char  cmdblk[SZ_CMDBLK+1]; /* current command block (in history.c) */
data/iraf-2.16.1+2018.11.01/pkg/ecl/gram.c:171:25:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
#define retconst(val)	{ sprintf (sb, "%g", val); \
data/iraf-2.16.1+2018.11.01/pkg/ecl/gram.c:233:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char    sb[REALWIDTH];
data/iraf-2.16.1+2018.11.01/pkg/ecl/gram.c:274:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf (sb, "%e", EPSILON);
data/iraf-2.16.1+2018.11.01/pkg/ecl/gram.c:392:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	buf[SZ_LINE];
data/iraf-2.16.1+2018.11.01/pkg/ecl/gram.c:402:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf (p, "%0.12s = ", pp->p_name);
data/iraf-2.16.1+2018.11.01/pkg/ecl/gram.c:415:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char   ibuf[15]; /* Maximum length of an index range should
data/iraf-2.16.1+2018.11.01/pkg/ecl/gram.c:431:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		    sprintf (ibuf, "%d:%d", amin, amax);
data/iraf-2.16.1+2018.11.01/pkg/ecl/gram.c:433:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		    sprintf (ibuf, "%d", amax);
data/iraf-2.16.1+2018.11.01/pkg/ecl/gram.c:527:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	buf[SZ_LINE+1];
data/iraf-2.16.1+2018.11.01/pkg/ecl/gram.c:562:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	buf[4096], *list[MAXMENU];
data/iraf-2.16.1+2018.11.01/pkg/ecl/gram.c:648:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	*pts[3];
data/iraf-2.16.1+2018.11.01/pkg/ecl/gram.c:649:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static	char	buffer[SZ_LINE+1];
data/iraf-2.16.1+2018.11.01/pkg/ecl/gram.c:793:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	sbuf[SZ_LINE+1];
data/iraf-2.16.1+2018.11.01/pkg/ecl/gram.c:1137:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static	char fname[SZ_PIPEFILENAME+1];
data/iraf-2.16.1+2018.11.01/pkg/ecl/history.c:47:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char	raw_cmdblk[SZ_CMDBLK+1];/* saves raw command for history (for scripts)*/
data/iraf-2.16.1+2018.11.01/pkg/ecl/history.c:48:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char	cmdblk[SZ_CMDBLK+1];	/* command block buffer			*/
data/iraf-2.16.1+2018.11.01/pkg/ecl/history.c:49:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char	prompt[SZ_CMDBLK+1];	/* command prompt			*/
data/iraf-2.16.1+2018.11.01/pkg/ecl/history.c:55:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char	histbuf[SZ_HISTBUF+1];	/* history buffer			*/
data/iraf-2.16.1+2018.11.01/pkg/ecl/history.c:174:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	raw_cmd[SZ_LINE+1];	/* buffer for raw command line	*/
data/iraf-2.16.1+2018.11.01/pkg/ecl/history.c:175:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	new_cmd[SZ_CMDBLK+1];	/* temporary for processed cmd	*/
data/iraf-2.16.1+2018.11.01/pkg/ecl/history.c:372:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	        char buf[SZ_CMDBLK];
data/iraf-2.16.1+2018.11.01/pkg/ecl/history.c:410:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	last_command_block[SZ_CMDBLK+1];
data/iraf-2.16.1+2018.11.01/pkg/ecl/history.c:445:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		record = -atoi(ip++);
data/iraf-2.16.1+2018.11.01/pkg/ecl/history.c:447:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		record = histnum - atoi(ip) + 1;
data/iraf-2.16.1+2018.11.01/pkg/ecl/history.c:492:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	pattern[SZ_FNAME];
data/iraf-2.16.1+2018.11.01/pkg/ecl/history.c:571:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	pattern[SZ_LINE+1], text[SZ_LINE+1];
data/iraf-2.16.1+2018.11.01/pkg/ecl/history.c:670:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	cmdblk[SZ_CMDBLK+1], *argp[100];
data/iraf-2.16.1+2018.11.01/pkg/ecl/history.c:939:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	*recptr[MAX_SHOWHIST];
data/iraf-2.16.1+2018.11.01/pkg/ecl/history.c:940:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	cmdblk[SZ_CMDBLK+1];
data/iraf-2.16.1+2018.11.01/pkg/ecl/history.c:1014:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy (prompt, "ecl> ");
data/iraf-2.16.1+2018.11.01/pkg/ecl/history.c:1044:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		if ((fp = fopen (logfile(), "a"))) {
data/iraf-2.16.1+2018.11.01/pkg/ecl/history.c:1066:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((logfp = fopen (fname, "a")) == NULL) {
data/iraf-2.16.1+2018.11.01/pkg/ecl/history.c:1090:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		if ((fp = fopen (fname, "a")) == NULL) {
data/iraf-2.16.1+2018.11.01/pkg/ecl/history.c:1146:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static	char datebuf[64];
data/iraf-2.16.1+2018.11.01/pkg/ecl/history.c:1174:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	msg[SZ_LOGBUF], job[5];
data/iraf-2.16.1+2018.11.01/pkg/ecl/history.c:1186:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    	sprintf (job, "[%d] ", bkgno);
data/iraf-2.16.1+2018.11.01/pkg/ecl/lexicon.c:216:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			    char   bkgmsg[SZ_LINE+1];
data/iraf-2.16.1+2018.11.01/pkg/ecl/lexyy.c:721:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char yytext[YYLMAX];
data/iraf-2.16.1+2018.11.01/pkg/ecl/lexyy.c:723:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char yysbuf[YYLMAX];
data/iraf-2.16.1+2018.11.01/pkg/ecl/lists.c:55:31:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	    else if ((pp->p_listfp = fopen (filename, "r")) == NULL) {
data/iraf-2.16.1+2018.11.01/pkg/ecl/main.c:244:6:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
	if (tmpfile)				
data/iraf-2.16.1+2018.11.01/pkg/ecl/main.c:245:16:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
	    c_delete (tmpfile);
data/iraf-2.16.1+2018.11.01/pkg/ecl/main.c:375:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	alt_loginfile[SZ_PATHNAME];
data/iraf-2.16.1+2018.11.01/pkg/ecl/main.c:376:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	init_envfile[SZ_PATHNAME];
data/iraf-2.16.1+2018.11.01/pkg/ecl/main.c:377:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	clstartup[SZ_PATHNAME];
data/iraf-2.16.1+2018.11.01/pkg/ecl/main.c:378:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	clprocess[SZ_PATHNAME];
data/iraf-2.16.1+2018.11.01/pkg/ecl/main.c:379:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char 	ebuf[FAKEPARAMLEN];
data/iraf-2.16.1+2018.11.01/pkg/ecl/main.c:380:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	arglist[SZ_LINE], *ap;
data/iraf-2.16.1+2018.11.01/pkg/ecl/main.c:511:17:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
		o.o_val.v_s = tmpfile;
data/iraf-2.16.1+2018.11.01/pkg/ecl/main.c:525:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char global[SZ_LINE];
data/iraf-2.16.1+2018.11.01/pkg/ecl/main.c:537:17:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
                strcpy (global, "/etc/iraf/login.cl");
data/iraf-2.16.1+2018.11.01/pkg/ecl/main.c:594:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char *tmpfile, buf[SZ_LINE];
data/iraf-2.16.1+2018.11.01/pkg/ecl/main.c:594:15:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
	static char *tmpfile, buf[SZ_LINE];
data/iraf-2.16.1+2018.11.01/pkg/ecl/main.c:597:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy (buf, "/tmp/envcl");
data/iraf-2.16.1+2018.11.01/pkg/ecl/main.c:599:16:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
	if (c_access (tmpfile, 0, 0) == YES)
data/iraf-2.16.1+2018.11.01/pkg/ecl/main.c:600:16:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
	    c_delete (tmpfile);
data/iraf-2.16.1+2018.11.01/pkg/ecl/main.c:601:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((out = fopen (tmpfile, "wt")) == NULL)
data/iraf-2.16.1+2018.11.01/pkg/ecl/main.c:601:20:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
	if ((out = fopen (tmpfile, "wt")) == NULL)
data/iraf-2.16.1+2018.11.01/pkg/ecl/main.c:602:59:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
	    printf ("Warning: tmp output file '%s' not found\n", tmpfile);
data/iraf-2.16.1+2018.11.01/pkg/ecl/main.c:606:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	    if ((fd1 = fopen (in1, "rt")) == NULL)
data/iraf-2.16.1+2018.11.01/pkg/ecl/main.c:614:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	    if ((fd2 = fopen (in2, "rt")) == NULL)
data/iraf-2.16.1+2018.11.01/pkg/ecl/main.c:622:10:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
	return (tmpfile);
data/iraf-2.16.1+2018.11.01/pkg/ecl/main.c:635:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	logoutfile[SZ_PATHNAME];
data/iraf-2.16.1+2018.11.01/pkg/ecl/main.c:641:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((fp = fopen (logoutfile, "r")) == NULL)
data/iraf-2.16.1+2018.11.01/pkg/ecl/main.c:801:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	errmsg[SZ_LINE];
data/iraf-2.16.1+2018.11.01/pkg/ecl/modes.c:267:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	buf[SZ_PROMPTBUF+1];
data/iraf-2.16.1+2018.11.01/pkg/ecl/modes.c:296:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char	source[33];
data/iraf-2.16.1+2018.11.01/pkg/ecl/modes.c:304:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
			strcpy (source, "stdgraph");
data/iraf-2.16.1+2018.11.01/pkg/ecl/modes.c:307:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
			strcpy (source, "stdimage");
data/iraf-2.16.1+2018.11.01/pkg/ecl/modes.c:329:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		    char    str[SZ_LINE+1], keystr[10];
data/iraf-2.16.1+2018.11.01/pkg/ecl/modes.c:339:8:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			    sprintf (keystr, "%c", key);
data/iraf-2.16.1+2018.11.01/pkg/ecl/modes.c:341:8:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			    sprintf (keystr, "\\%03o", key);
data/iraf-2.16.1+2018.11.01/pkg/ecl/modes.c:540:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static	char	tbuf[SZ_LINE];
data/iraf-2.16.1+2018.11.01/pkg/ecl/modes.c:622:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static	char	readbuf[SZ_LINE];
data/iraf-2.16.1+2018.11.01/pkg/ecl/modes.c:750:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	bqfile[SZ_PATHNAME], qrfile[SZ_PATHNAME];
data/iraf-2.16.1+2018.11.01/pkg/ecl/modes.c:764:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((fp = fopen (bqfile, "w")) == NULL)
data/iraf-2.16.1+2018.11.01/pkg/ecl/modes.c:790:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((in = fopen (qrfile, "r")) == NULL)
data/iraf-2.16.1+2018.11.01/pkg/ecl/modes.c:814:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	bqfile[SZ_PATHNAME], qrfile[SZ_PATHNAME];
data/iraf-2.16.1+2018.11.01/pkg/ecl/modes.c:815:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	qrtemp[SZ_PATHNAME];
data/iraf-2.16.1+2018.11.01/pkg/ecl/modes.c:816:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	response[SZ_LINE+1];
data/iraf-2.16.1+2018.11.01/pkg/ecl/modes.c:825:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((fp = fopen (bqfile, "r")) == NULL)
data/iraf-2.16.1+2018.11.01/pkg/ecl/modes.c:844:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((fp = fopen (qrtemp, "w")) == NULL)
data/iraf-2.16.1+2018.11.01/pkg/ecl/opcodes.c:171:31:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	    if ((newtask->t_stdout = fopen (fname, mode)) == NULL)
data/iraf-2.16.1+2018.11.01/pkg/ecl/opcodes.c:204:31:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	    if ((newtask->t_stderr = fopen (fname, mode)) == NULL)
data/iraf-2.16.1+2018.11.01/pkg/ecl/opcodes.c:241:31:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	    if ((newtask->t_stdout = fopen (fname, mode)) == NULL)
data/iraf-2.16.1+2018.11.01/pkg/ecl/opcodes.c:349:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	s1[1024+1];
data/iraf-2.16.1+2018.11.01/pkg/ecl/opcodes.c:881:31:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	    if ((newtask->t_stdout = fopen (fname, mode)) == NULL)
data/iraf-2.16.1+2018.11.01/pkg/ecl/opcodes.c:908:30:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	    if ((newtask->t_stdin = fopen (fname, mode)) == NULL)
data/iraf-2.16.1+2018.11.01/pkg/ecl/opcodes.c:942:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((fp = fopen (fname, count > 1 ? "ab" : "wb")) == NULL)
data/iraf-2.16.1+2018.11.01/pkg/ecl/opcodes.c:1055:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	format[SZ_LINE];
data/iraf-2.16.1+2018.11.01/pkg/ecl/opcodes.c:1099:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	format[SZ_LINE];
data/iraf-2.16.1+2018.11.01/pkg/ecl/opcodes.c:1100:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	pname[SZ_FNAME];
data/iraf-2.16.1+2018.11.01/pkg/ecl/opcodes.h:121:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
#define op2str(op) 	((char *)(opstrings[op-1] ? opstrings[op-1] : ""))
data/iraf-2.16.1+2018.11.01/pkg/ecl/operand.c:57:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf (outstr, "%d", op->o_val.v_i);
data/iraf-2.16.1+2018.11.01/pkg/ecl/operand.c:61:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf (outstr, "%g", op->o_val.v_r);
data/iraf-2.16.1+2018.11.01/pkg/ecl/operand.c:102:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	outstr[MAXPROMPT+1], *out;
data/iraf-2.16.1+2018.11.01/pkg/ecl/operand.c:103:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	newstr[SZ_LINE], *new;
data/iraf-2.16.1+2018.11.01/pkg/ecl/operand.c:251:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char numstr[SZ_LINE];
data/iraf-2.16.1+2018.11.01/pkg/ecl/operand.c:258:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf (numstr, "%d", o.o_val.v_i);
data/iraf-2.16.1+2018.11.01/pkg/ecl/operand.c:262:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf (numstr, "%g", o.o_val.v_r);
data/iraf-2.16.1+2018.11.01/pkg/ecl/operand.c:301:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	hexnum[MAX_DIGITS];
data/iraf-2.16.1+2018.11.01/pkg/ecl/operand.c:352:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy (hexnum, "0x");
data/iraf-2.16.1+2018.11.01/pkg/ecl/param.c:384:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	mode[5];	/* used to turn bits into string	*/
data/iraf-2.16.1+2018.11.01/pkg/ecl/param.c:386:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	buf[20];	/* to stuff the expanded type in	*/
data/iraf-2.16.1+2018.11.01/pkg/ecl/param.c:468:10:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	        strcpy (--bp, "struct");
data/iraf-2.16.1+2018.11.01/pkg/ecl/param.c:470:10:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	        strcpy (--bp, "gcur");
data/iraf-2.16.1+2018.11.01/pkg/ecl/param.c:472:10:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	        strcpy (--bp, "imcur");
data/iraf-2.16.1+2018.11.01/pkg/ecl/param.c:474:10:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	        strcpy (--bp, "ukey");
data/iraf-2.16.1+2018.11.01/pkg/ecl/param.c:476:10:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	        strcpy (--bp, "pset");
data/iraf-2.16.1+2018.11.01/pkg/ecl/param.c:591:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char	redir[SZ_FNAME];
data/iraf-2.16.1+2018.11.01/pkg/ecl/param.c:769:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	sbuf[SZ_LINE];
data/iraf-2.16.1+2018.11.01/pkg/ecl/param.c:790:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	sbuf[SZ_LINE];
data/iraf-2.16.1+2018.11.01/pkg/ecl/param.c:952:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	buf[20];
data/iraf-2.16.1+2018.11.01/pkg/ecl/param.c:1010:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy (--bp, "struct");
data/iraf-2.16.1+2018.11.01/pkg/ecl/param.c:1012:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy (--bp, "gcur");
data/iraf-2.16.1+2018.11.01/pkg/ecl/param.c:1014:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy (--bp, "imcur");
data/iraf-2.16.1+2018.11.01/pkg/ecl/param.c:1016:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy (--bp, "ukey");
data/iraf-2.16.1+2018.11.01/pkg/ecl/param.c:1018:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy (--bp, "pset");
data/iraf-2.16.1+2018.11.01/pkg/ecl/param.c:1284:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf (pp->p_name, "$%d", pos);
data/iraf-2.16.1+2018.11.01/pkg/ecl/param.h:171:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	pf_pfilename[SZ_FNAME+1];	/* file to be updated	*/
data/iraf-2.16.1+2018.11.01/pkg/ecl/pfiles.c:161:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	usr_pfile[SZ_FNAME+1];
data/iraf-2.16.1+2018.11.01/pkg/ecl/pfiles.c:162:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	pkg_pfile[SZ_FNAME+1];
data/iraf-2.16.1+2018.11.01/pkg/ecl/pfiles.c:163:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	pkgdir[SZ_FNAME+1];
data/iraf-2.16.1+2018.11.01/pkg/ecl/pfiles.c:299:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		    if ((fp = fopen (pkg_pfile, "r")) != NULL) {
data/iraf-2.16.1+2018.11.01/pkg/ecl/pfiles.c:458:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	buf[SZ_LINE+1];
data/iraf-2.16.1+2018.11.01/pkg/ecl/pfiles.c:469:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((fp = fopen (pfilename, "r")) == NULL)
data/iraf-2.16.1+2018.11.01/pkg/ecl/pfiles.c:602:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	pfname[SZ_PATHNAME+1];
data/iraf-2.16.1+2018.11.01/pkg/ecl/pfiles.c:615:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy (dot ? dot : op, ".par");
data/iraf-2.16.1+2018.11.01/pkg/ecl/pfiles.c:631:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((fp = fopen (pfname, "w")) == NULL)
data/iraf-2.16.1+2018.11.01/pkg/ecl/pfiles.c:670:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	pfilename[SZ_FNAME];	/* user pfile			*/
data/iraf-2.16.1+2018.11.01/pkg/ecl/pfiles.c:671:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	pkgdir[SZ_FNAME+1];
data/iraf-2.16.1+2018.11.01/pkg/ecl/pfiles.c:760:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	temp[SZ_FNAME+1];
data/iraf-2.16.1+2018.11.01/pkg/ecl/pfiles.c:1262:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		len = atoi (s);
data/iraf-2.16.1+2018.11.01/pkg/ecl/pfiles.c:1276:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char initbuf[SZ_LINE];
data/iraf-2.16.1+2018.11.01/pkg/ecl/pfiles.c:1565:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		    *(pp->p_aval.a_i + i) = atoi(s);
data/iraf-2.16.1+2018.11.01/pkg/ecl/pfiles.c:1607:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	*val = atoi(str);
data/iraf-2.16.1+2018.11.01/pkg/ecl/pfiles.c:1630:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char readbuf[SZ_LINE];
data/iraf-2.16.1+2018.11.01/pkg/ecl/pfiles.c:1632:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	buf[SZ_LINE];	/* working scratch buffer		*/
data/iraf-2.16.1+2018.11.01/pkg/ecl/pfiles.c:1822:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	strings[4][25];
data/iraf-2.16.1+2018.11.01/pkg/ecl/prcache.c:76:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	pr_name[SZ_PATHNAME+1];	/* filename of process		*/
data/iraf-2.16.1+2018.11.01/pkg/ecl/prcache.c:304:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	pname[MAXSUBPROC][SZ_PATHNAME+1];
data/iraf-2.16.1+2018.11.01/pkg/ecl/prcache.c:443:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char	nodename[SZ_FNAME+1];
data/iraf-2.16.1+2018.11.01/pkg/ecl/prcache.c:444:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char	out[100];
data/iraf-2.16.1+2018.11.01/pkg/ecl/scan.c:58:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	buf[SZ_LINE];
data/iraf-2.16.1+2018.11.01/pkg/ecl/scan.c:204:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	buf[SZ_LINE];
data/iraf-2.16.1+2018.11.01/pkg/ecl/scan.c:205:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	*v[MAXARGS];
data/iraf-2.16.1+2018.11.01/pkg/ecl/task.c:329:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	buf[SZ_LINE];
data/iraf-2.16.1+2018.11.01/pkg/ecl/task.h:85:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char   *errmsg[SZ_LINE];/* error message			*/
data/iraf-2.16.1+2018.11.01/pkg/ecl/unop.c:48:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	fname[SZ_PATHNAME];
data/iraf-2.16.1+2018.11.01/pkg/ecl/unop.c:49:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	ch, sbuf[SZ_LINE];
data/iraf-2.16.1+2018.11.01/pkg/ecl/ytab.c:250:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char	curr_param[SZ_FNAME];	/* Parameter name of ref's		*/
data/iraf-2.16.1+2018.11.01/pkg/ecl/ytab.c:251:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char	curr_task[SZ_FNAME];	/* ltaskname of command 		*/
data/iraf-2.16.1+2018.11.01/pkg/ecl/ytab.c:292:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern	char	cmdblk[SZ_CMDBLK+1];	/* Command buffer in history.c */
data/iraf-2.16.1+2018.11.01/pkg/ecl/ytab.c:1676:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM];
data/iraf-2.16.1+2018.11.01/pkg/ecl/ytab.c:1693:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char yyformat[sizeof yyunexpected
data/iraf-2.16.1+2018.11.01/pkg/ecl/ytab.c:1861:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char yymsgbuf[128];
data/iraf-2.16.1+2018.11.01/pkg/ecl/ytab.c:3392:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			    char    pname[SZ_FNAME];
data/iraf-2.16.1+2018.11.01/pkg/images/immatch/src/imcombine/src/icmask.h:11:33:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
define	ICM_OPEN	0		# Keep masks open
data/iraf-2.16.1+2018.11.01/pkg/images/tv/iis/lib/ids.h:13:38:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
define	IDS_NEXTCH	Memi[$1+2]		# next char pos in string buf
data/iraf-2.16.1+2018.11.01/pkg/images/tv/iis/lib/ids.h:35:43:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
define	IDS_DEVNAME	Memi[$1+26]		# name of open device
data/iraf-2.16.1+2018.11.01/pkg/softools/mkapropos/helpdir.h:16:46:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
define	HD_NEXTCH	Memi[$1+1]		# index of next char in sbuf
data/iraf-2.16.1+2018.11.01/pkg/system/help/helpdir.h:16:46:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
define	HD_NEXTCH	Memi[$1+1]		# index of next char in sbuf
data/iraf-2.16.1+2018.11.01/pkg/tbtables/tbfxff.c:9:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char c_filename[FLEN_FILENAME+1];
data/iraf-2.16.1+2018.11.01/pkg/tbtables/tbfxff.c:10:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char c_keyword[FLEN_KEYWORD+1];
data/iraf-2.16.1+2018.11.01/pkg/tbtables/tbfxff.c:11:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char c_card[FLEN_CARD+1];
data/iraf-2.16.1+2018.11.01/pkg/tbtables/tbfxff.c:12:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char c_value[FLEN_VALUE+1];
data/iraf-2.16.1+2018.11.01/pkg/tbtables/tbfxff.c:13:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char c_comment[FLEN_COMMENT+1];
data/iraf-2.16.1+2018.11.01/pkg/tbtables/tbfxff.c:14:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char c_message[FLEN_ERRMSG+1];
data/iraf-2.16.1+2018.11.01/pkg/tbtables/tblerr.h:11:54:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
define	ER_TBTOOLATE		31	# too late, table is already open
data/iraf-2.16.1+2018.11.01/pkg/tbtables/tblerr.h:12:41:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
define	ER_TBNOTOPEN		32	# table must be open for this option
data/iraf-2.16.1+2018.11.01/pkg/utilities/nttools/stxtools/od/od.h:16:51:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
define  OD_GRP          Memi[$1+5]      # Current open group.
data/iraf-2.16.1+2018.11.01/pkg/utilities/nttools/threed/tblerr.h:10:54:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
define	ER_TBTOOLATE		31	# too late, table is already open
data/iraf-2.16.1+2018.11.01/pkg/utilities/nttools/threed/tblerr.h:11:41:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
define	ER_TBNOTOPEN		32	# table must be open for this option
data/iraf-2.16.1+2018.11.01/pkg/utilities/nttools/threed/tbtables.h:54:43:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
define	TB_IS_OPEN		Memb[$1+12]	# Table is open?
data/iraf-2.16.1+2018.11.01/sys/etc/environ.h:26:40:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
define	E_SETP		(($1+4-1)*SZ_SHORT+1)	# char pointer to name field
data/iraf-2.16.1+2018.11.01/sys/fmio/fmio.h:12:51:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
define  DEF_FCACHESIZE  8               # default open files in file cache
data/iraf-2.16.1+2018.11.01/sys/fmio/fmset.h:5:48:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
define	FM_FCACHESIZE		2	#RW number of files in open file cache
data/iraf-2.16.1+2018.11.01/sys/gio/calcomp/ccp.h:31:38:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
define	CCP_NEXTCH	Memi[$1+2]		# next char pos in string buf
data/iraf-2.16.1+2018.11.01/sys/gio/calcomp/ccp.h:52:43:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
define	CCP_DEVNAME	Memi[$1+26]		# name of open device
data/iraf-2.16.1+2018.11.01/sys/gio/cursor/grc.h:11:43:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
define	RC_PHYSOPEN	Memi[$1+2]		# physical open by rcursor
data/iraf-2.16.1+2018.11.01/sys/gio/cursor/grc.h:13:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
			# (open)
data/iraf-2.16.1+2018.11.01/sys/gio/cursor/gtr.h:40:45:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
define	TR_WSOPEN	Memi[$1+19]		# workstation open count
data/iraf-2.16.1+2018.11.01/sys/gio/cursor/gtr.h:45:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
			# (open)
data/iraf-2.16.1+2018.11.01/sys/gio/gks/gks.h:3:37:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
define	NDEV		10	# Maximum number of open devices possible
data/iraf-2.16.1+2018.11.01/sys/gio/glabax/glabax.h:36:44:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
define	AX_TICKLABELSIZE	Memr[P2R($1+33)]	# char size of ticklabel
data/iraf-2.16.1+2018.11.01/sys/gio/glabax/glabax.h:37:41:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
define	AX_TICKLABELCOLOR	Memi[$1+34]		# char size of ticklabel
data/iraf-2.16.1+2018.11.01/sys/gio/glabax/glabax.h:39:44:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
define	AX_AXISLABELSIZE	Memr[P2R($1+36)]	# char size axislabel
data/iraf-2.16.1+2018.11.01/sys/gio/glabax/glabax.h:40:41:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
define	AX_AXISLABELCOLOR	Memi[$1+37]		# char size axislabel
data/iraf-2.16.1+2018.11.01/sys/gio/imdkern/imd.h:14:38:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
define	IMD_NEXTCH	Memi[$1+2]		# next char pos in string buf
data/iraf-2.16.1+2018.11.01/sys/gio/imdkern/imd.h:37:43:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
define	IMD_DEVNAME	Memi[$1+26]		# name of open device
data/iraf-2.16.1+2018.11.01/sys/gio/nsppkern/gkt.h:15:38:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
define	GKT_NEXTCH	Memi[$1+2]		# next char pos in string buf
data/iraf-2.16.1+2018.11.01/sys/gio/nsppkern/gkt.h:36:43:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
define	GKT_DEVNAME	Memi[$1+26]		# name of open device
data/iraf-2.16.1+2018.11.01/sys/gio/sgikern/sgi.h:14:38:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
define	SGI_NEXTCH	Memi[$1+2]		# next char pos in string buf
data/iraf-2.16.1+2018.11.01/sys/gio/sgikern/sgi.h:37:43:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
define	SGI_DEVNAME	Memi[$1+26]		# name of open device
data/iraf-2.16.1+2018.11.01/sys/gio/stdgraph/stdgraph.h:26:37:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
define	SG_NEXTCH	Memi[$1+2]		# next char pos in string buf
data/iraf-2.16.1+2018.11.01/sys/gio/stdgraph/stdgraph.h:52:42:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
define	SG_DEVNAME	Memi[$1+28]		# name of open device
data/iraf-2.16.1+2018.11.01/sys/gty/gty.h:11:29:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
# The caplist is indexed at open time to permit a binary search for
data/iraf-2.16.1+2018.11.01/sys/imio/iki/iki.h:24:33:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
define	IKI_OPEN	k_table[1,$1]	# open/create image
data/iraf-2.16.1+2018.11.01/sys/imio/iki/iki.h:26:33:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
define	IKI_OPIX	k_table[3,$1]	# open/create pixel file
data/iraf-2.16.1+2018.11.01/sys/libc/atoi.c:14:1:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
atoi (char *str)
data/iraf-2.16.1+2018.11.01/sys/libc/atol.c:14:1:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
atol (char *str)
data/iraf-2.16.1+2018.11.01/sys/libc/fopen.c:16:1:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
fopen (
data/iraf-2.16.1+2018.11.01/sys/libc/freadline.c:21:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char line[SZ_LINE];
data/iraf-2.16.1+2018.11.01/sys/libc/mktemp.c:17:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static	char unique[SZ_FNAME];
data/iraf-2.16.1+2018.11.01/sys/libc/perror.c:13:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char	*sys_errlist[1];		/* UNIX standard	*/
data/iraf-2.16.1+2018.11.01/sys/libc/perror.c:15:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char	u_oserrmsg[SZ_OSERRMSG+1];
data/iraf-2.16.1+2018.11.01/sys/libc/scanf.c:32:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	f_ucc[SZ_UCC+1];
data/iraf-2.16.1+2018.11.01/sys/libc/scanf.c:299:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	numbuf[SZ_NUMBUF+1];
data/iraf-2.16.1+2018.11.01/sys/libc/zztest.c:21:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	buf[128];
data/iraf-2.16.1+2018.11.01/sys/libc/zztest.c:23:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf (buf, "\tabcdef %0*d[%-5.2s], %h\n", 5, 99, "wxyz", 12.5);
data/iraf-2.16.1+2018.11.01/sys/libc/zztest.c:34:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((in = fopen ("junk", "r")) == NULL)
data/iraf-2.16.1+2018.11.01/sys/libc/zztest.c:36:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((out = fopen ("junk2", "wb")) == NULL)
data/iraf-2.16.1+2018.11.01/sys/libc/zztest.c:50:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	buf[SZ_LINE];
data/iraf-2.16.1+2018.11.01/sys/libc/zztest.c:51:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	str[SZ_LINE];
data/iraf-2.16.1+2018.11.01/sys/libc/zztest.c:90:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	token[SZ_LINE+1], delim;
data/iraf-2.16.1+2018.11.01/sys/libc/zztest.c:97:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fp = fopen (token, "r");
data/iraf-2.16.1+2018.11.01/sys/memdbg/memlog.c:37:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	p_message[1024];
data/iraf-2.16.1+2018.11.01/sys/memdbg/memlog.c:60:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	p_format[1024];
data/iraf-2.16.1+2018.11.01/sys/memdbg/memlog.c:61:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	message[1024];
data/iraf-2.16.1+2018.11.01/sys/memdbg/memlog.c:78:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	p_format[1024];
data/iraf-2.16.1+2018.11.01/sys/memdbg/memlog.c:79:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	message[1024];
data/iraf-2.16.1+2018.11.01/sys/memdbg/memlog.c:96:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	p_format[1024];
data/iraf-2.16.1+2018.11.01/sys/memdbg/memlog.c:97:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	p_strarg[1024];
data/iraf-2.16.1+2018.11.01/sys/memdbg/memlog.c:98:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	message[1024];
data/iraf-2.16.1+2018.11.01/sys/memdbg/memlog.c:117:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	    if ((fp = fopen (FNAME, "a")) == NULL)
data/iraf-2.16.1+2018.11.01/sys/memdbg/memlog.c:140:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	p_format[1024];
data/iraf-2.16.1+2018.11.01/sys/memdbg/memlog.c:141:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	s_action[2];
data/iraf-2.16.1+2018.11.01/sys/memdbg/memlog.c:153:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	    if ((fp = fopen (FNAME, "a")) == NULL)
data/iraf-2.16.1+2018.11.01/sys/mtio/mtio.h:32:52:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
define	MT_FILNO	mtdev[7,$1+1]	# old file number at open
data/iraf-2.16.1+2018.11.01/sys/mtio/mtio.h:33:54:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
define	MT_RECNO	mtdev[8,$1+1]	# old record number at open
data/iraf-2.16.1+2018.11.01/sys/mwcs/mwsv.h:23:33:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
define	SV_MWSVOFF	Memi[$1+3]		# char offset of saved MWSV
data/iraf-2.16.1+2018.11.01/sys/mwcs/mwsv.h:25:33:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
define	SV_DBUFOFF	Memi[$1+5]		# char offset of saved DBUF
data/iraf-2.16.1+2018.11.01/sys/mwcs/mwsv.h:27:33:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
define	SV_SBUFOFF	Memi[$1+7]		# char offset of saved SBUF
data/iraf-2.16.1+2018.11.01/sys/osb/bswap4.c:21:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static	char temp[4];
data/iraf-2.16.1+2018.11.01/sys/osb/bswap8.c:21:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static	char temp[8];
data/iraf-2.16.1+2018.11.01/sys/osb/chrpak.c:23:19:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	op = &((unsigned char *)b)[*b_off-1];
data/iraf-2.16.1+2018.11.01/sys/osb/chrupk.c:25:19:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	ip = &((unsigned char *)a)[*a_off-1+n];
data/iraf-2.16.1+2018.11.01/sys/osb/strsum.c:17:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char     pkstr[*maxch];
data/iraf-2.16.1+2018.11.01/sys/osb/strsum.c:65:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char     pkstr[*maxch];
data/iraf-2.16.1+2018.11.01/sys/pmio/mio.h:5:17:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
# PLNAME or the open mask descriptor PM.  An image pixel is said to be visible
data/iraf-2.16.1+2018.11.01/sys/psio/psio.h:78:61:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
define  PS_CFONT_CH     Memi[$1+40]     # current font code char
data/iraf-2.16.1+2018.11.01/sys/psio/psio.h:79:61:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
define  PS_PFONT_CH     Memi[$1+41]     # special font code char
data/iraf-2.16.1+2018.11.01/sys/psio/psio.h:80:61:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
define  PS_SFONT_CH     Memi[$1+42]     # special font code char
data/iraf-2.16.1+2018.11.01/sys/qpoe/qpex.h:16:34:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
# Magic values used to represent open ranges :N and N:.
data/iraf-2.16.1+2018.11.01/sys/qpoe/qpio.h:53:48:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
define	IO_FD		Memi[$1+19]	# file descriptor of open lfile
data/iraf-2.16.1+2018.11.01/sys/qpoe/qpio.h:55:46:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
define	IO_CHAN		Memi[$1+21]	# i/o channel of open lfile
data/iraf-2.16.1+2018.11.01/sys/tty/tty.h:25:29:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
# The caplist is indexed at open time to permit a binary search for
data/iraf-2.16.1+2018.11.01/sys/tty/tty.h:44:52:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
define	T_NLINES	Memi[$1+9]	# nlines on terminal at open
data/iraf-2.16.1+2018.11.01/sys/tty/tty.h:45:52:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
define	T_NCOLS		Memi[$1+10]	# ncols on terminal at open
data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/envinit.c:41:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	vfn[SZ_PATHNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/envinit.c:42:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	pkglibs[SZ_COMMAND+1];
data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/envinit.c:43:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	newlibs[SZ_COMMAND+1];
data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/envinit.c:55:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat (vfn, "$lib/");
data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/envinit.c:112:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	osfn[SZ_PATHNAME+1], *hlib;
data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/envinit.c:113:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	irafarch[SZ_PATHNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/envinit.c:157:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	lbuf[SZ_LINE+1];
data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/envinit.c:158:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	pkname[SZ_FNAME+1], old_value[SZ_VALUE+1];
data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/envinit.c:166:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((fp = fopen (osfn, "r")) == NULL) {
data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/envinit.c:217:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
			if ((fp = fopen (vfn2osfn(fname,0), "r")) == NULL) {
data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/osfcopy.c:70:16:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	    if ((in = open (vfn2osfn(oldfile,0), O_RDONLY)) == ERR)
data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/osfn2vfn.c:15:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static	char	vfn[SZ_PATHNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/osgetenv.c:17:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static	char	irafdir[SZ_PATHNAME+1] = "";
data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/osgetenv.c:18:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static	char	hostdir[SZ_PATHNAME+1] = "";
data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/osgetenv.c:19:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static	char	valstr[SZ_COMMAND+1];
data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/osopen.c:24:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	    return (open (vfn2osfn (vfn, 0), O_RDONLY));
data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/osputenv.c:20:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	buf[SZ_VALUE], *env;
data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/osputenv.c:40:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	buf[SZ_VALUE], *env;
data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/ossysfile.c:94:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static	char outfname[SZ_PATHNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/ossysfile.c:95:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	fname[SZ_PATHNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/vfn2osfn.c:41:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	fname[SZ_PATHNAME+1], *ldir;
data/iraf-2.16.1+2018.11.01/unix/boot/generic/generic.c:35:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	f_types[20];		/* "csilrdx"		*/
data/iraf-2.16.1+2018.11.01/unix/boot/generic/generic.c:43:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char	xtype_string[SZ_FNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/generic/generic.c:90:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	*files[MAXFILES], *s, **p, *ip;
data/iraf-2.16.1+2018.11.01/unix/boot/generic/generic.c:91:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	fname[SZ_FNAME], *extension;
data/iraf-2.16.1+2018.11.01/unix/boot/generic/generic.c:94:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	genfname[SZ_FNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/generic/generic.c:95:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	template[SZ_FNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/generic/generic.c:96:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	input_file[SZ_FNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/generic/generic.c:135:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	    yyin = fopen (input_file, "r");
data/iraf-2.16.1+2018.11.01/unix/boot/generic/generic.c:166:7:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
		    strcat (template, "$t");
data/iraf-2.16.1+2018.11.01/unix/boot/generic/generic.c:181:4:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
			strcat (template, "$t");
data/iraf-2.16.1+2018.11.01/unix/boot/generic/generic.c:204:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		if ((fp = fopen (fname, "w")) == NULL) {
data/iraf-2.16.1+2018.11.01/unix/boot/generic/generic.c:237:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static	char fname[SZ_FNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/generic/generic.c:490:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	types[20];
data/iraf-2.16.1+2018.11.01/unix/boot/generic/generic.c:571:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char	expr_buf[80], *expr;
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/char.c:33:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	name[SZ_FNAME+1], *val;
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/char.c:34:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	lbuf[SZ_CMD+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/char.c:91:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		if ((fp = fopen (&name[1], "r")) == NULL) {
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/char.c:210:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static	char ps[2] = "\0";
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/fdcache.c:30:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	fname[SZ_NAME+1];	/* file name			*/
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/fncache.c:33:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	lname[SZ_LNAME+1];	/* logical name			*/
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/fncache.c:34:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	fname[SZ_FNAME+1];	/* file name			*/
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/fncache.c:112:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char    lname[SZ_FNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/host.c:89:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	cmd[SZ_CMD+1], *args;
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/host.c:93:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	libfname[SZ_PATHNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/host.c:110:6:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	    strcat (cmd, " -d");
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/host.c:112:6:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	    strcat (cmd, " -x");
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/host.c:242:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cmd[SZ_LINE+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/host.c:243:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char libfname[SZ_PATHNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/host.c:276:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char    backup[SZ_PATHNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/host.c:277:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char    path[SZ_PATHNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/host.c:278:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	fname[SZ_PATHNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/host.c:348:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char path[SZ_PATHNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/host.c:349:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fname[SZ_PATHNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/host.c:385:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char    backup[SZ_PATHNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/host.c:488:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	old[SZ_PATHNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/host.c:489:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	new[SZ_PATHNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/host.c:520:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	buf[SZ_COPYBUF], *ip;
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/host.c:528:13:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((in  = open(old,O_RDONLY)) == ERR || fstat(in,&fi) == ERR) {
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/host.c:592:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	old_osfn[SZ_PATHNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/host.c:593:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	new_osfn[SZ_PATHNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/host.c:748:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static	char objfile[SZ_FNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/host.c:757:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy (op, ".o");
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/host.c:809:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char pathname[SZ_LIBPATH];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/host.c:810:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char relpath[SZ_LIBPATH];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/main.c:39:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char	sbuf[SZ_SBUF];			/* string buffer		*/
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/main.c:45:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char	*pkgenv[MAX_PKGENV];		/* package environments		*/
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/main.c:46:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char	v_pkgenv[SZ_PKGENV+1];		/* buffer for pkgenv names	*/
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/main.c:47:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char	irafdir[SZ_PATHNAME+1];		/* iraf root directory		*/
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/main.c:81:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	flags[SZ_LINE+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/main.c:82:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	*symargs[MAX_ARGS], *modules[MAX_ARGS];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/main.c:183:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char    symbol[SZ_FNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/main.c:238:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char   fname[SZ_PATHNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/main.c:250:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char   new_xflags[SZ_LINE+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/main.c:258:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char   new_xvflags[SZ_LINE+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/main.c:266:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char   new_lflags[SZ_LINE+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/main.c:281:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char    symbol[SZ_FNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/main.c:326:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	errmsg[SZ_LINE+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/main.c:341:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	errmsg[SZ_LINE+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/mkpkg.h:58:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	*pbstk[SZ_PBSTK];	/* save pushed ips		*/
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/mkpkg.h:59:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	pbbuf[SZ_PBBUF+1];	/* push back buffer		*/
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/mkpkg.h:80:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	*flist[MAX_FILES];	/* file list			*/
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/mkpkg.h:81:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	*rflist[MAX_FILES];	/* remote file list		*/
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/mkpkg.h:82:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	curdir[SZ_PATHNAME+1];	/* cwd for printed output	*/ 
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/mkpkg.h:83:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	dirpath[SZ_PATHNAME+1];	/* os path of cwd		*/
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/mkpkg.h:84:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	library[SZ_PATHNAME+1];	/* library being updated	*/
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/mkpkg.h:85:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	libpath[SZ_PATHNAME+1];	/* pathname of library		*/
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/mkpkg.h:86:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	mkpkgfile[SZ_FNAME+1];	/* mkpkg file being scanned	*/
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/pkg.c:41:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char    fname[SZ_PATHNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/pkg.c:99:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	token[SZ_FNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/pkg.c:100:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	*dflist[MAX_DEPFILES+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/pkg.c:175:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char    srcname[SZ_PATHNAME+1], modname[SZ_PATHNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/pkg.c:176:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char    dname[SZ_FNAME+1], fname[SZ_FNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/pkg.c:276:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char	module[SZ_FNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/pkg.c:277:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char	subdir[SZ_FNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/pkg.c:278:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char	fname[SZ_FNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/pkg.c:311:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char	dirname[SZ_FNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/pkg.c:325:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		    char    dname[SZ_FNAME+1], fname[SZ_FNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/pkg.c:647:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	fname[SZ_FNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/pkg.c:774:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	    cx->fp = fopen (vfn2osfn(fname,0), "r");
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/pkg.c:833:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	word1[SZ_FNAME+1], word2[SZ_FNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/pkg.c:870:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char    module[SZ_FNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/pkg.c:871:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char    subdir[SZ_FNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/pkg.c:872:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char    fname[SZ_FNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/scanlib.c:35:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char	mlb_sbuf[SZ_SBUF];		/* string buffer		*/
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/scanlib.c:63:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	libfname[SZ_PATHNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/scanlib.c:64:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	modname[SZ_KEY+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/scanlib.c:65:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	lbuf[SZ_LINE];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/scanlib.c:87:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((fp = fopen (libfname, "r")) == NULL) {
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/scanlib.c:166:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char     name[17], date[13];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/scanlib.c:194:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		        char p[SZ_PATHNAME];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/scanlib.c:196:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		        len = atoi(&arf.ar_name[3]);
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/sflist.c:62:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static	char	*sf_dirs[MAX_SFDIRS];		/* source directories	*/
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/sflist.c:92:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	dirname[SZ_PATHNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/sflist.c:93:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	stname[SZ_PATHNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/sflist.c:94:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	sfname[SZ_PATHNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/sflist.c:95:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	mkobj[SZ_CMD+SZ_PATHNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/sflist.c:96:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	token[SZ_CMD+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:37:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	tokbuf[SZ_COMMAND+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:178:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	cmd[SZ_CMD+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:309:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	tokbuf[SZ_COMMAND+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:310:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	buf[SZ_PREDBUF], *argv[MAX_ARGS];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:590:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	module[SZ_FNAME+1], subdir[SZ_FNAME+1], fname[SZ_FNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:591:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	symbol[SZ_FNAME+1], value[SZ_COMMAND+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:592:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	modspec[SZ_FNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:654:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	match[SZ_FNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:655:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	lbuf[SZ_LINE+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:736:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	cmd[SZ_COMMAND+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:737:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	xflags[SZ_LINE+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:738:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	*dflist[MAX_DEPFILES+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:780:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
		strcat (xflags, "-d ");
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:782:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
		strcat (xflags, "-x ");
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:813:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	cmd[SZ_CMD+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:827:6:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	    strcat (cmd, " -d");
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:829:6:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	    strcat (cmd, " -x");
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:858:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *ip, token[SZ_FNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:859:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char linkline[SZ_CMD+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:860:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cmdbuf[SZ_CMD+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:900:6:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	    strcat (cmd, " -d");
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:902:6:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	    strcat (cmd, " -x");
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:943:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	cmd[SZ_CMD+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:975:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	symbol[SZ_FNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:976:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	value[SZ_PBBUF+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:1003:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	fname[SZ_FNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:1004:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	dname[SZ_FNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:1027:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	fname[SZ_FNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:1028:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	dname[SZ_FNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:1052:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	old[SZ_FNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:1053:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	new[SZ_FNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:1086:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	old[SZ_FNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:1087:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	new[SZ_PATHNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:1127:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	fname[SZ_PATHNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:1237:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static	char	args[SZ_PBBUF+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:1238:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	tokbuf[SZ_COMMAND+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:1450:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static	char lstr[SZ_FNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/rmbin/rmbin.c:16:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char	*only[MAXEXTN];		/* delete files with these extensions	*/
data/iraf-2.16.1+2018.11.01/unix/boot/rmbin/rmbin.c:17:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char	*excl[MAXEXTN];		/* exclude these files			*/
data/iraf-2.16.1+2018.11.01/unix/boot/rmbin/rmbin.c:52:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	path[SZ_PATHNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/rmbin/rmbin.c:133:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	newpath[SZ_PATHNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/rmbin/rmbin.c:134:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	fname[SZ_PATHNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/rmbin/rmbin.c:251:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char    lbuf[SZ_LINE+1];
data/iraf-2.16.1+2018.11.01/unix/boot/rmfiles/rmfiles.c:54:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	prog[SZ_LINE+1];
data/iraf-2.16.1+2018.11.01/unix/boot/rmfiles/rmfiles.c:131:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	dir[SZ_PATHNAME+1], path[SZ_PATHNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/rmfiles/rmfiles.c:132:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	*extnlist[MAXEXTN], *ip, *op;
data/iraf-2.16.1+2018.11.01/unix/boot/rmfiles/rmfiles.c:133:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	lbuf[SZ_LINE+1];
data/iraf-2.16.1+2018.11.01/unix/boot/rmfiles/rmfiles.c:150:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	    if ((fp = fopen (vfn2osfn(prog,0), "r")) == NULL) {
data/iraf-2.16.1+2018.11.01/unix/boot/rmfiles/rmfiles.c:278:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	oldpath[SZ_PATHNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/rmfiles/rmfiles.c:279:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	newpath[SZ_PATHNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/rmfiles/rmfiles.c:280:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	fname[SZ_PATHNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/rtar/rtar.c:83:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dummy[TBLOCK];
data/iraf-2.16.1+2018.11.01/unix/boot/rtar/rtar.c:85:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char name[NAMSIZ];	/* NULL delimited		*/
data/iraf-2.16.1+2018.11.01/unix/boot/rtar/rtar.c:86:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char mode[8];		/* octal, ascii			*/
data/iraf-2.16.1+2018.11.01/unix/boot/rtar/rtar.c:87:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char uid[8];
data/iraf-2.16.1+2018.11.01/unix/boot/rtar/rtar.c:88:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char gid[8];
data/iraf-2.16.1+2018.11.01/unix/boot/rtar/rtar.c:89:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char size[12];
data/iraf-2.16.1+2018.11.01/unix/boot/rtar/rtar.c:90:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char mtime[12];
data/iraf-2.16.1+2018.11.01/unix/boot/rtar/rtar.c:91:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char chksum[8];
data/iraf-2.16.1+2018.11.01/unix/boot/rtar/rtar.c:93:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char linkname[NAMSIZ];
data/iraf-2.16.1+2018.11.01/unix/boot/rtar/rtar.c:101:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	name[NAMSIZ];
data/iraf-2.16.1+2018.11.01/unix/boot/rtar/rtar.c:110:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	linkname[NAMSIZ];
data/iraf-2.16.1+2018.11.01/unix/boot/rtar/rtar.c:134:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char tapeblock[SZ_TAPEBUFFER];
data/iraf-2.16.1+2018.11.01/unix/boot/rtar/rtar.c:786:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	padbuf[SZ_PADBUF+10];
data/iraf-2.16.1+2018.11.01/unix/boot/spp/rpp/ratlibc/open.c:14:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	       cname[FILENAMESIZE];
data/iraf-2.16.1+2018.11.01/unix/boot/spp/rpp/ratlibc/open.c:19:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		fp = fopen(cname, "a");
data/iraf-2.16.1+2018.11.01/unix/boot/spp/rpp/ratlibc/open.c:21:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		fp = fopen(cname, "w");
data/iraf-2.16.1+2018.11.01/unix/boot/spp/rpp/ratlibc/open.c:23:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		fp = fopen(cname, "r");
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:135:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char	ccomp[SZ_FNAME] 	= CCOMP;
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:136:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char	f77comp[SZ_FNAME] 	= F77COMP;
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:137:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char	linker[SZ_FNAME] 	= LINKER;
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:138:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char	f2cpath[SZ_FNAME] 	= "/usr/bin/f2c";
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:139:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char	g77path[SZ_FNAME] 	= "/usr/bin/g77";
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:141:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char	outfile[SZ_FNAME] = "";
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:142:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char	tempfile[SZ_FNAME] = "";
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:143:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char	*lflags[MAXFLAG+1];
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:144:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char	*lfiles[MAXFILE+1];			/* all files		*/
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:145:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char	*hlibs[MAXFILE+1];			/* host libraries	*/
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:146:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char	*lxfiles[MAXFILE+1];			/* .x files		*/
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:147:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char	*lffiles[MAXFILE+1];			/* .f files		*/
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:148:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char	buffer[SZ_BUFFER+1];
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:149:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char	libbuf[SZ_LIBBUF+1];
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:154:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char	v_pkgenv[SZ_PKGENV+1];
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:161:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char	floatoption[32] = "";			/* f77 arch flag, if any */
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:216:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	*arglist[MAXFILE+MAXFLAG+10];
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:224:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy (f77comp, "f77");
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:277:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char *s, u_pkgenv[SZ_PKGENV+1];
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:539:7:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
		    strcat (outfile, ".e");
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:585:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char *ip, *op, *vp, fname[SZ_FNAME];
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:788:6:  [2] (tmpfile) mkstemp:
  Potential for temporary file vulnerability in some circumstances. Some
  older Unix-like systems create temp files with permission to write by all
  by default, so be sure to set the umask to override this. Also, some older
  Unix systems might fail to use O_EXCL when opening the file, so make sure
  that O_EXCL is used by the library (CWE-377).
	    mkstemp (tempfile);
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:879:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char command[1024];
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:899:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char    shlib[SZ_PATHNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:900:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char    edsym[SZ_PATHNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:901:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char    command[SZ_CMDBUF];
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:913:4:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
			strcat (command, " -T");
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:915:4:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
			strcat (command, " -t");
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:934:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fname[SZ_PATHNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:967:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *fp, *fs, lflag[SZ_FNAME];
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:1011:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char savename[SZ_PATHNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:1012:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char libname[SZ_PATHNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:1013:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fname[SZ_PATHNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:1014:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char path[SZ_PATHNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:1107:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static  char xpp_path[SZ_PATHNAME+1], rpp_path[SZ_PATHNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:1108:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	cmdbuf[SZ_CMDBUF], fname[SZ_FNAME];
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:1133:6:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	    strcat (cmdbuf, " -h ");
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:1202:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	path[SZ_PATHNAME];
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:1236:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	*argv[256];
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:1388:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	out[SZ_CMDBUF];
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:1419:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static	char path[SZ_PATHNAME];
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:1420:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	dirpath[SZ_PATHNAME];
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:1444:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    static  char envpath[8192];
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/decl.c:59:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static	char sbuf[SZ_SBUF+1];		/* string buffer		*/
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/decl.c:61:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static	char procname[SZ_FNAME+1];	/* procedure name		*/
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/decl.c:100:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	tokstr[SZ_TOKEN+1];
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/decl.c:120:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		    char lbuf[200];
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/decl.c:157:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	tokstr[SZ_TOKEN+1];
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/decl.c:172:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char lbuf[200];
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/lexyy.c:977:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char yytext[YYLMAX];
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/lexyy.c:1017:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern  char fname[MAX_INCLUDE][SZ_PATHNAME];
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/lexyy.c:2731:21:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        if ((yyin = fopen (vfn2osfn (fname[istkptr],0), "r")) == NULL) {
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/lexyy.c:2757:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char    hfile[SZ_FNAME+1], *op;
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/lexyy.c:2843:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char	sysfile[SZ_PATHNAME];
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/lexyy.c:2860:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((yyin = fopen (vfn2osfn(fname[istkptr],0), "r")) == NULL) {
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/xppcode.c:93:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char	fname[MAX_INCLUDE][SZ_PATHNAME];/* file names 			      */
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/xppcode.c:96:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char	obuf[SZ_OBUF];			/* buffer for body of procedure       */
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/xppcode.c:97:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char	dbuf[SZ_DBUF];			/* buffer for misc proc. decls.	      */
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/xppcode.c:98:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char	sbuf[SZ_SBUF];			/* string buffer 		      */
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/xppcode.c:391:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char	st_buf[SZ_STBUF];
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/xppcode.c:419:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	name[SZ_FNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/xppcode.c:504:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	name[SZ_FNAME];
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/xppcode.c:505:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	value[SZ_LINE];
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/xppcode.c:560:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char *emsg[SZ_LINE];
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/xppcode.c:623:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	msg[20];
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/xppcode.c:626:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf (msg, "#!# %d\n", linenum[istkptr] - 1);
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/xppcode.c:840:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	task_name[SZ_FNAME], proc_name[SZ_FNAME];
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/xppcode.c:1002:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	buf[SZ_LINE];
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/xppcode.c:1028:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf (buf, "data\t(dp(iyy),iyy=%2d,%2d)\t/",
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/xppcode.c:1035:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		    sprintf (buf, "%2d/\n", XEOS);
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/xppcode.c:1037:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		    sprintf (buf, "%4d/\n", offset==EOS ? XEOS: offset);
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/xppcode.c:1039:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		    sprintf (buf, "%4d,", offset==EOS ? XEOS: offset);
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/xppcode.c:1065:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	lbuf[SZ_LINE];
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/xppcode.c:1073:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf (lbuf, "\tif (streq (task, dict(dp(%d)))) {\n", i+1);
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/xppcode.c:1077:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf (lbuf, "\t    return (OK)\n");
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/xppcode.c:1079:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf (lbuf, "\t}\n");
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/xppcode.c:1130:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	text[1024];
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/xppcode.c:1451:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char lbuf[SZ_LINE];
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/xppcode.c:1483:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	strbuf[SZ_LINE], outbuf[SZ_LINE];
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/xppcode.c:1520:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf (&id[2], "%04d", str_idnum++);
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/xppcode.c:1692:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char    decimal_constant[SZ_NUMBUF], *p;
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/xppcode.c:1737:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf (decimal_constant, "%ld", value);
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/xppcode.c:1750:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	cvalue[SZ_NUMBUF], *ip;
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/xppcode.c:1781:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf (cvalue, "%d.%ldD0", bvalue, value);
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/xppcode.c:1783:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf (cvalue, "%d.%ld", bvalue, value);
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/xppmain.c:24:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char	irafdefs[SZ_PATHNAME];
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/xppmain.c:26:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char	v_pkgenv[SZ_FNAME];
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/xppmain.c:118:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy (fname[0], "STDIN");
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/xppmain.c:129:21:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		    if ((source = fopen (vfn2osfn(argv[i],0), "r")) == NULL) {
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/xppmain.c:139:21:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
			    if ((yyout = fopen (osfn, "w")) == NULL) {
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/xppmain.c:152:19:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
			if ((fp_defs = fopen (irafdefs, "r")) == NULL) {
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/xppmain.c:206:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static	char rfname[SZ_PATHNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/wtar/wtar.c:51:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dummy[TBLOCK];
data/iraf-2.16.1+2018.11.01/unix/boot/wtar/wtar.c:53:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char name[NAMSIZ];	/* NULL delimited		*/
data/iraf-2.16.1+2018.11.01/unix/boot/wtar/wtar.c:54:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char mode[8];		/* octal, ascii			*/
data/iraf-2.16.1+2018.11.01/unix/boot/wtar/wtar.c:55:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char uid[8];
data/iraf-2.16.1+2018.11.01/unix/boot/wtar/wtar.c:56:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char gid[8];
data/iraf-2.16.1+2018.11.01/unix/boot/wtar/wtar.c:57:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char size[12];
data/iraf-2.16.1+2018.11.01/unix/boot/wtar/wtar.c:58:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char mtime[12];
data/iraf-2.16.1+2018.11.01/unix/boot/wtar/wtar.c:59:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char chksum[8];
data/iraf-2.16.1+2018.11.01/unix/boot/wtar/wtar.c:61:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char linkname[NAMSIZ];
data/iraf-2.16.1+2018.11.01/unix/boot/wtar/wtar.c:68:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	name[NAMSIZ];
data/iraf-2.16.1+2018.11.01/unix/boot/wtar/wtar.c:77:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	linkname[NAMSIZ];
data/iraf-2.16.1+2018.11.01/unix/boot/wtar/wtar.c:107:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char	tapeblock[SZ_TAPEBUFFER];
data/iraf-2.16.1+2018.11.01/unix/boot/wtar/wtar.c:143:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static	char	*def_flist[2] = { ".", NULL };
data/iraf-2.16.1+2018.11.01/unix/boot/wtar/wtar.c:256:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	newpath[SZ_PATHNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/wtar/wtar.c:257:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	oldpath[SZ_PATHNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/wtar/wtar.c:258:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	fname[SZ_PATHNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/wtar/wtar.c:416:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	chksum[10];
data/iraf-2.16.1+2018.11.01/unix/boot/wtar/wtar.c:547:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	buf[TBLOCK*2];
data/iraf-2.16.1+2018.11.01/unix/boot/wtar/wtar.c:707:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static	char path[SZ_PATHNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y1.c:256:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    finput = fopen (parser, "r");
data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y1.c:289:19:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((fdebug = fopen (DEBUGNAME, "r")) == NULL)
data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y1.c:307:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		fudecl = fopen (UDFILE, "r");
data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y1.c:321:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		ftable = fopen (TABFILE, "r");
data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y1.c:335:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		faction = fopen (ACTNAME, "r");
data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y1.c:431:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	(void) sprintf (q, "%d)", -i);
data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y2.c:102:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char cnamesblk0[CNAMSZ];
data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y2.c:114:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char *typeset[NTYPES];	/* pointers to type tags */
data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y2.c:185:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char actname[8];
data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y2.c:190:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fname[F_NAME_LENGTH + 1];
data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y2.c:198:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(parser, "lib/yaccpar.x");
data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y2.c:250:15:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	    parser = strcat (cp, "/yaccpar");
data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y2.c:283:9:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	(void) strcat (fname, ".output");
data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y2.c:284:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	foutput = fopen (fname, "w");
data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y2.c:295:9:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	(void) strcat (fname, ".tab.h");
data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y2.c:296:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fdefine = fopen (fname, "w");
data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y2.c:301:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fdebug = fopen (DEBUGNAME, "w");
data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y2.c:319:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fsppout = fopen (OFILE, "w");
data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y2.c:322:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    ftable = fopen (TABFILE, "w");
data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y2.c:325:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fudecl = fopen (UDFILE, "w");
data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y2.c:330:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    ftemp = fopen (TEMPNAME, "w");
data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y2.c:331:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    faction = fopen (ACTNAME, "w");
data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y2.c:340:19:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((finput = fopen (infile = argv[optind], "r")) == NULL)
data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y2.c:696:10:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		(void) sprintf (actname, "$$%d", nprod);
data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y2.c:1389:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char id_name[NAMESIZE + 1];
data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y4.c:78:19:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((finput = fopen (TEMPNAME, "r")) == NULL)
data/iraf-2.16.1+2018.11.01/unix/f2c/getopt.c:27:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char opts[256];	/* assume 8-bit bytes */
data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/arithchk.c:192:6:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	f = fopen("arith.h", "w");
data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/ctype.h:9:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char My_ctype[264] = {
data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/endfile.c:18:14:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
extern FILE *tmpfile();
data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/endfile.c:44:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char nbuf[10];
data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/endfile.c:45:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(nbuf,"fort.%ld",(long)a->aunit);
data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/endfile.c:63:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[BUFSIZ];
data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/endfile.c:111:13:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
	 || !(tf = tmpfile())) {
data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/fio.h:18:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
#define FOPEN fopen
data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/fmtlib.c:22:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char buf[MAXINTLENGTH+1];
data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/getenv_.c:34:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[256], *ep, *fp;
data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/inquire.c:29:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[256];
data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/lread.c:54:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char f__ltab[128+1] = {	/* offset one for EOF */
data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/lread.c:120:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char s[FMAX+EXPMAXDIGS+4];
data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/lread.c:162:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		f__lcount = atoi(s);
data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/lread.c:220:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf(sp+1, "e%ld", exp);
data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/lread.c:344:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
 static char nmLbuf[256], *nmL_next;
data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/lwrite.c:201:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[LEFBL];
data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/lwrite.c:214:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *ba, *bb, bufa[LEFBL], bufb[LEFBL];
data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/open.c:33:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
Const char *f__r_mode[2] = {"r", "r"};
data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/open.c:34:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
Const char *f__w_mode[4] = {"w", "w", "r+w", "r+w"};
data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/open.c:36:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
Const char *f__r_mode[2] = {"rb", "r"};
data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/open.c:37:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
Const char *f__w_mode[4] = {"wb", "w", "r+b", "r+"};
data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/open.c:40:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
 static char f__buf0[400], *f__buf = f__buf0;
data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/open.c:137:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[256], *s;
data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/open.c:192:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(buf, "fort.%ld", (long)a->ounit);
data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/open.c:215:10:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		(void) strcpy(buf,"tmp.FXXXXXX");
data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/open.c:219:18:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
		if (!(b->ufd = tmpfile()))
data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/open.c:285:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
{	char nbuf[10];
data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/open.c:287:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	(void) sprintf(nbuf,"fort.%ld",(long)n);
data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/rawio.h:7:9:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
#define open _open
data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/rawio.h:17:36:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
extern int creat(const char*,int), open(const char*,int);
data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/rdfmt.c:33:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char hex[256];
data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/rdfmt.c:236:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char s[FMAX+EXPMAXDIGS+4];
data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/rdfmt.c:382:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf(sp+1, "e%ld", exp);
data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/rsne.c:150:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char Alpha[256], Alphanum[256];
data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/rsne.c:308:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[64];
data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/s_cat.c:79:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(lp0, lp1, L);
data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/s_paus.c:70:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		fin = fopen("con", "r");
data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/system_.c:24:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buff0[256], *buff;
data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/wref.c:28:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[FMAX+EXPMAXDIGS+4], *s, *se;
data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/wref.c:90:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(buf,"%#.*E", d, dd);
data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/wref.c:114:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(se, "%+.2d", atoi(se) + 1 - f__scale);
data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/wref.c:114:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		sprintf(se, "%+.2d", atoi(se) + 1 - f__scale);
data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/wref.c:117:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(se, "%+.2d", atoi(se) + 1 - f__scale);
data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/wref.c:117:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		sprintf(se, "%+.2d", atoi(se) + 1 - f__scale);
data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/wref.c:119:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(se, "+00");
data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/wref.c:212:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *b, buf[MAXINTDIGS+MAXFRACDIGS+4], *s;
data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/wref.c:243:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(b = buf, "%#.*f", d, x);
data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/wref.c:246:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	n = sprintf(b = buf, "%#.*f", d, x) + d1;
data/iraf-2.16.1+2018.11.01/unix/f2c/src/cds.c:47:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char ebuf[24];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/cds.c:49:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char etype[Table_size], *db;
data/iraf-2.16.1+2018.11.01/unix/f2c/src/cds.c:144:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(z0, "-0.");
data/iraf-2.16.1+2018.11.01/unix/f2c/src/cds.c:148:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(ebuf, "%ld", ex + nd - 1);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/data.c:118:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				char buf[100];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/data.c:119:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
				sprintf(buf, "bad impldoblock #%lx",
data/iraf-2.16.1+2018.11.01/unix/f2c/src/data.c:388:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char varname[64];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/data.c:390:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[16];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/data.c:394:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(s = buf, "Q.%ld", memno);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/defs.h:506:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *cds[2];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/defs.h:549:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char ident[IDENT_LEN + 1];	/* C string form of identifier */
data/iraf-2.16.1+2018.11.01/unix/f2c/src/defs.h:733:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *cds[2];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/error.c:35:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[100];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/error.c:49:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buff[100];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/error.c:82:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buff[100];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/error.c:97:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buff[100];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/error.c:111:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buff[100];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/error.c:160:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buff[100];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/error.c:181:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf1[100], buf2[100];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/error.c:215:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buff[100];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/error.c:230:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buff[100];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/error.c:246:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buff[50];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/error.c:316:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buff[250];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/exec.c:348:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[128];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/exec.c:851:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(q->user.ident, "fmt_%ld", labelval->stateno);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/expr.c:36:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern char dflttype[26];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/expr.c:155:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buff[100], *s0 = s;
data/iraf-2.16.1+2018.11.01/unix/f2c/src/expr.c:159:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char *kind[3] = { "Binary", "Hex", "Octal" };
data/iraf-2.16.1+2018.11.01/unix/f2c/src/expr.c:1100:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				char wbuf[160], *who;
data/iraf-2.16.1+2018.11.01/unix/f2c/src/expr.c:2963:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy((char *)lv, (char *)rv, sizeof(union Constant));
data/iraf-2.16.1+2018.11.01/unix/f2c/src/expr.c:3126:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy((char *)powp, (char *)&ap->Const, sizeof(ap->Const));
data/iraf-2.16.1+2018.11.01/unix/f2c/src/expr.c:3579:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char *powint[ ] = {
data/iraf-2.16.1+2018.11.01/unix/f2c/src/format.c:39:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char this_proc_name[52];	/* Name of the current procedure.  This is
data/iraf-2.16.1+2018.11.01/unix/f2c/src/format.c:81:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char filename[P1_FILENAME_MAX];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/format.c:101:19:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((infile = fopen (p1_file, binread)) == NULL)
data/iraf-2.16.1+2018.11.01/unix/f2c/src/format.c:153:36:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if (debugflag && (pass1_file = fopen (p1_bakfile, binwrite)))
data/iraf-2.16.1+2018.11.01/unix/f2c/src/format.c:154:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if (infile = fopen (p1_file, binread)) {
data/iraf-2.16.1+2018.11.01/unix/f2c/src/format.c:164:23:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((pass1_file = fopen (p1_file, binwrite)) == NULL)
data/iraf-2.16.1+2018.11.01/unix/f2c/src/format.c:334:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char storage[COMMENT_BUFFER_SIZE + 1];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/format.c:757:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[P1_STMTBUFSIZE];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/format.c:868:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[64];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/format.c:944:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char storage[256];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/format.c:1379:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char buf[64];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/format.c:1984:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char buf[MAXNAMELEN+30]; /*30 should be overkill*/
data/iraf-2.16.1+2018.11.01/unix/f2c/src/format.c:2162:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char buf[1000];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/format.c:2167:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buf, "\t/* was ");	/* would like to say  k = sprintf(...), but */
data/iraf-2.16.1+2018.11.01/unix/f2c/src/format.c:2181:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	   	sprintf(buf+k, "[%ld]", j);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/format.c:2192:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(buf+k, " */");
data/iraf-2.16.1+2018.11.01/unix/f2c/src/format.c:2401:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[1324];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/formatdata.c:59:19:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((sortfp = fopen(sortfname, textread)) == NULL)
data/iraf-2.16.1+2018.11.01/unix/f2c/src/formatdata.c:89:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char varname[VNAME_MAX], ovarname[VNAME_MAX];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/formatdata.c:112:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			if (memno2info(atoi(varname+2), &np)) {
data/iraf-2.16.1+2018.11.01/unix/f2c/src/formatdata.c:292:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    memno = atoi(varname + 2);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/formatdata.c:428:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[MAX_INIT_LINE + 1], *pointer;
data/iraf-2.16.1+2018.11.01/unix/f2c/src/formatdata.c:475:20:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		newval = (char *)atol(pointer);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/formatdata.c:846:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[8], *comma;
data/iraf-2.16.1+2018.11.01/unix/f2c/src/formatdata.c:939:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char buf[24];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/formatdata.c:942:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(buf, "[%ld]", L);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/formatdata.c:1023:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char imag_buf[50], real_buf[50];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/gram.c:692:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char x[10];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/gram.c:697:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(x, "<%d>", yyc);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/gram.c:704:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char x[10];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/gram.c:709:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(x, "<%d>\n", yys);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/gram.c:1041:49:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
{ yyval.chval = (yypt[-0].yyv.namval ? mkchain((char *)yypt[-0].yyv.namval,CHNULL) : CHNULL ); } break;
data/iraf-2.16.1+2018.11.01/unix/f2c/src/gram.c:1044:71:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
{ if(yypt[-0].yyv.namval) yypt[-2].yyv.chval = yyval.chval = mkchain((char *)yypt[-0].yyv.namval, yypt[-2].yyv.chval); } break;
data/iraf-2.16.1+2018.11.01/unix/f2c/src/gram.c:1327:28:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		  yyval.chval = mkchain((char *)yypt[-0].yyv.expval, CHNULL);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/gram.c:1435:26:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
{ yyval.chval = mkchain((char *)yypt[-0].yyv.namval, CHNULL); } break;
data/iraf-2.16.1+2018.11.01/unix/f2c/src/gram.c:1438:53:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
{ yyval.chval = hookup(yypt[-2].yyv.chval, mkchain((char *)yypt[-0].yyv.namval, CHNULL)); } break;
data/iraf-2.16.1+2018.11.01/unix/f2c/src/gram.c:1469:26:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
{ yyval.chval = mkchain((char *)yypt[-0].yyv.expval, CHNULL); } break;
data/iraf-2.16.1+2018.11.01/unix/f2c/src/gram.c:1472:26:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
{ yyval.chval = mkchain((char *)yypt[-0].yyv.expval, yypt[-2].yyv.chval); } break;
data/iraf-2.16.1+2018.11.01/unix/f2c/src/gram.c:1563:26:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
{ yyval.chval = mkchain((char *)yypt[-3].yyv.expval, mkchain((char *)yypt[-1].yyv.expval,CHNULL)); } break;
data/iraf-2.16.1+2018.11.01/unix/f2c/src/gram.c:1563:63:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
{ yyval.chval = mkchain((char *)yypt[-3].yyv.expval, mkchain((char *)yypt[-1].yyv.expval,CHNULL)); } break;
data/iraf-2.16.1+2018.11.01/unix/f2c/src/gram.c:1668:26:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
{ yyval.chval = mkchain((char *)yypt[-2].yyv.namval, yypt[-0].yyv.chval); } break;
data/iraf-2.16.1+2018.11.01/unix/f2c/src/gram.c:1738:48:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
{ yyval.chval = yypt[-0].yyv.expval ? mkchain((char *)yypt[-0].yyv.expval,CHNULL) : CHNULL; } break;
data/iraf-2.16.1+2018.11.01/unix/f2c/src/gram.c:1741:48:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
{ yyval.chval = yypt[-0].yyv.expval ? mkchain((char *)yypt[-0].yyv.expval, yypt[-2].yyv.chval) : yypt[-2].yyv.chval; } break;
data/iraf-2.16.1+2018.11.01/unix/f2c/src/gram.c:1753:26:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
{ yyval.chval = mkchain((char *)yypt[-0].yyv.expval, CHNULL); } break;
data/iraf-2.16.1+2018.11.01/unix/f2c/src/gram.c:1756:53:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
{ yyval.chval = hookup(yypt[-2].yyv.chval, mkchain((char *)yypt[-0].yyv.expval,CHNULL) ); } break;
data/iraf-2.16.1+2018.11.01/unix/f2c/src/gram.c:1903:26:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
{ yyval.chval = mkchain((char *)yypt[-0].yyv.tagval, CHNULL); } break;
data/iraf-2.16.1+2018.11.01/unix/f2c/src/gram.c:1906:26:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
{ yyval.chval = mkchain((char *)yypt[-0].yyv.tagval, yypt[-2].yyv.chval); } break;
data/iraf-2.16.1+2018.11.01/unix/f2c/src/gram.c:1915:26:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
{ yyval.chval = mkchain((char *)yypt[-0].yyv.expval, CHNULL); } break;
data/iraf-2.16.1+2018.11.01/unix/f2c/src/gram.c:1918:26:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
{ yyval.chval = mkchain((char *)yypt[-0].yyv.tagval, CHNULL); } break;
data/iraf-2.16.1+2018.11.01/unix/f2c/src/gram.c:1921:26:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
{ yyval.chval = mkchain((char *)yypt[-0].yyv.expval, mkchain((char *)yypt[-2].yyv.expval, CHNULL) ); } break;
data/iraf-2.16.1+2018.11.01/unix/f2c/src/gram.c:1921:63:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
{ yyval.chval = mkchain((char *)yypt[-0].yyv.expval, mkchain((char *)yypt[-2].yyv.expval, CHNULL) ); } break;
data/iraf-2.16.1+2018.11.01/unix/f2c/src/gram.c:1924:26:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
{ yyval.chval = mkchain((char *)yypt[-0].yyv.tagval, mkchain((char *)yypt[-2].yyv.expval, CHNULL) ); } break;
data/iraf-2.16.1+2018.11.01/unix/f2c/src/gram.c:1924:63:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
{ yyval.chval = mkchain((char *)yypt[-0].yyv.tagval, mkchain((char *)yypt[-2].yyv.expval, CHNULL) ); } break;
data/iraf-2.16.1+2018.11.01/unix/f2c/src/gram.c:1927:26:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
{ yyval.chval = mkchain((char *)yypt[-0].yyv.expval, mkchain((char *)yypt[-2].yyv.tagval, CHNULL) ); } break;
data/iraf-2.16.1+2018.11.01/unix/f2c/src/gram.c:1927:63:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
{ yyval.chval = mkchain((char *)yypt[-0].yyv.expval, mkchain((char *)yypt[-2].yyv.tagval, CHNULL) ); } break;
data/iraf-2.16.1+2018.11.01/unix/f2c/src/gram.c:1930:26:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
{ yyval.chval = mkchain((char *)yypt[-0].yyv.tagval, mkchain((char *)yypt[-2].yyv.tagval, CHNULL) ); } break;
data/iraf-2.16.1+2018.11.01/unix/f2c/src/gram.c:1930:63:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
{ yyval.chval = mkchain((char *)yypt[-0].yyv.tagval, mkchain((char *)yypt[-2].yyv.tagval, CHNULL) ); } break;
data/iraf-2.16.1+2018.11.01/unix/f2c/src/gram.c:1933:26:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
{ yyval.chval = mkchain((char *)yypt[-0].yyv.expval, yypt[-2].yyv.chval); } break;
data/iraf-2.16.1+2018.11.01/unix/f2c/src/gram.c:1936:26:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
{ yyval.chval = mkchain((char *)yypt[-0].yyv.tagval, yypt[-2].yyv.chval); } break;
data/iraf-2.16.1+2018.11.01/unix/f2c/src/gram.c:1945:63:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
{ yyval.tagval = (tagptr) mkiodo(yypt[-1].yyv.chval, mkchain((char *)yypt[-3].yyv.expval, CHNULL) ); } break;
data/iraf-2.16.1+2018.11.01/unix/f2c/src/gram.c:1948:63:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
{ yyval.tagval = (tagptr) mkiodo(yypt[-1].yyv.chval, mkchain((char *)yypt[-3].yyv.tagval, CHNULL) ); } break;
data/iraf-2.16.1+2018.11.01/unix/f2c/src/init.c:44:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char main_alias[52];		/* PROGRAM name, if any is given */
data/iraf-2.16.1+2018.11.01/unix/f2c/src/init.c:146:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char *casttypes[TYSUBR+1] = {
data/iraf-2.16.1+2018.11.01/unix/f2c/src/init.c:155:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char *usedcasts[TYSUBR+1];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/init.c:233:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char *av_pfix[TYVOID] = {"??TYUNKNOWN??", "a","i1","s","i",
data/iraf-2.16.1+2018.11.01/unix/f2c/src/init.c:291:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char dflttype[26];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/init.c:292:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
unsigned char hextoi_tab[Table_size], Letters[Table_size];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/init.c:500:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buff[100];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/init.c:506:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(buff, "characters out of order in implicit:%c-%c", c1, c2);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/intr.c:47:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char intrfname[8];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/intr.c:235:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char spxname[8];	/* Name of the function in Fortran */
data/iraf-2.16.1+2018.11.01/unix/f2c/src/intr.c:410:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char *callbyvalue[ ] =
data/iraf-2.16.1+2018.11.01/unix/f2c/src/intr.c:480:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
					strcpy(S->spxname, "h_dnnt");
data/iraf-2.16.1+2018.11.01/unix/f2c/src/intr.c:488:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
					strcpy(S->spxname, "i_dnnt");
data/iraf-2.16.1+2018.11.01/unix/f2c/src/intr.c:623:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char *bitop[3] = { bit_bits, bit_shift, bit_cshift };
data/iraf-2.16.1+2018.11.01/unix/f2c/src/io.c:54:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
LOCAL char ioroutine[12];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/io.c:1343:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf(p1->user.ident, "fmt_%ld",
data/iraf-2.16.1+2018.11.01/unix/f2c/src/io.c:1393:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[24], buf1[24];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/io.c:1416:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
				sprintf(buf, "%d.", comm->curno);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/io.c:1420:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
					sprintf(buf1, "+%ld", ci);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/io.c:1430:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
				sprintf(buf,"%ld", ci);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/iob.h:5:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *fields[1];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/iob.h:14:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char defname[1];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/lex.c:88:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
LOCAL char comstart[Table_size];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/lex.c:89:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
#define USC (unsigned char *)
data/iraf-2.16.1+2018.11.01/unix/f2c/src/lex.c:91:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char anum_buf[Table_size];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/lex.c:100:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[COMMENT_BUF_STORE];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/lex.c:107:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char fbuf[P1_FILENAME_MAX];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/lex.c:257:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
LOCAL char *stbuf[3];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/lex.c:341:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		fp = fopen(name, textread);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/lex.c:364:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		fp = fopen(name, textread);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/lex.c:382:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
				if (fp = fopen(name, textread)) {
data/iraf-2.16.1+2018.11.01/unix/f2c/src/lex.c:675:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[COMMENT_BUFFER_SIZE + 1];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/lex.c:722:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char a[6];	/* Statement label buffer */
data/iraf-2.16.1+2018.11.01/unix/f2c/src/lex.c:728:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf72[24];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/lex.c:730:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char storage[COMMENT_BUFFER_SIZE + 1];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/lex.c:928:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
					strcpy(buf72+20, "...");
data/iraf-2.16.1+2018.11.01/unix/f2c/src/lex.c:1552:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char buff[2*MAXNAMELEN+50];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/lex.c:1554:8:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			    sprintf(buff,
data/iraf-2.16.1+2018.11.01/unix/f2c/src/lex.c:1586:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		    radix = atoi (nextch);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/main.c:98:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char used_rets[TYSUBR+1];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/main.c:240:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char *hset[3] = { 0, "integer", "doublereal" };
data/iraf-2.16.1+2018.11.01/unix/f2c/src/main.c:359:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char st[4] = { TYREAL, TYCOMPLEX, TYDCOMPLEX, TYCHAR };
data/iraf-2.16.1+2018.11.01/unix/f2c/src/main.c:360:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char stl[4] = { 'E', 'C', 'Z', 'H' };
data/iraf-2.16.1+2018.11.01/unix/f2c/src/main.c:551:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char stderrbuf[BUFSIZ];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/main.c:623:25:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		else if (!(c_output = fopen(coutput, textwrite))) {
data/iraf-2.16.1+2018.11.01/unix/f2c/src/main.c:630:20:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		&& !(protofile = fopen(proto_fname, textwrite)))
data/iraf-2.16.1+2018.11.01/unix/f2c/src/main.c:700:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((c_file = fopen (c_functions, textread)) == (FILE *) NULL)
data/iraf-2.16.1+2018.11.01/unix/f2c/src/main.c:743:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if( fp = fopen(fn, mode) )
data/iraf-2.16.1+2018.11.01/unix/f2c/src/malloc.c:157:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(f1, f, s1);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/malloc.c:162:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(q, f, s1);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/mem.c:70:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[MEMBSIZE];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/mem.c:217:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[32];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/memset.c:49:1:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
memcpy(s1, s2, n) char *s1, *s2; int n;
data/iraf-2.16.1+2018.11.01/unix/f2c/src/memset.c:51:1:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
memcpy(char *s1, char *s2, int n)
data/iraf-2.16.1+2018.11.01/unix/f2c/src/misc.c:90:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char errbuf[32];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/misc.c:95:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(errbuf, "malloc(%d) failure!", n);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/misc.c:356:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buff[100], *s0;
data/iraf-2.16.1+2018.11.01/unix/f2c/src/misc.c:369:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf(buff, "integer constant %.*s truncated.",
data/iraf-2.16.1+2018.11.01/unix/f2c/src/misc.c:392:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char s[20];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/misc.c:424:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char errbuf[64];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/misc.c:726:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy((char *)(q = ckalloc(n)), (char *)p, n);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/misc.c:1268:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if (!(f = fopen(fname, binread))) {
data/iraf-2.16.1+2018.11.01/unix/f2c/src/misc.c:1272:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if (!(b = fopen(bname, binwrite))) {
data/iraf-2.16.1+2018.11.01/unix/f2c/src/misc.c:1334:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buff[100];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/misc.c:1338:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(buff, "integer constant %.*s truncated.", n0, s0);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/names.c:68:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char buff[100];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/names.c:72:7:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
				{ strcpy (buff, "real");break; }
data/iraf-2.16.1+2018.11.01/unix/f2c/src/names.c:73:16:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	case TYDREAL:	strcpy (buff, "doublereal");	break;
data/iraf-2.16.1+2018.11.01/unix/f2c/src/names.c:75:8:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
			    strcpy (buff, "/* Complex */ VOID");
data/iraf-2.16.1+2018.11.01/unix/f2c/src/names.c:77:8:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
			    strcpy (buff, "complex");
data/iraf-2.16.1+2018.11.01/unix/f2c/src/names.c:80:8:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
			    strcpy (buff, "/* Double Complex */ VOID");
data/iraf-2.16.1+2018.11.01/unix/f2c/src/names.c:82:8:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
			    strcpy (buff, "doublecomplex");
data/iraf-2.16.1+2018.11.01/unix/f2c/src/names.c:96:8:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
			    strcpy (buff, "/* Character */ VOID");
data/iraf-2.16.1+2018.11.01/unix/f2c/src/names.c:98:8:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
			    strcpy (buff, "char");
data/iraf-2.16.1+2018.11.01/unix/f2c/src/names.c:101:25:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        case TYUNKNOWN:	strcpy (buff, "UNKNOWN");
data/iraf-2.16.1+2018.11.01/unix/f2c/src/names.c:111:15:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	case TYSUBR:	strcpy (buff, "/* Subroutine */ int");
data/iraf-2.16.1+2018.11.01/unix/f2c/src/names.c:113:16:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	case TYERROR:	strcpy (buff, "ERROR");		break;
data/iraf-2.16.1+2018.11.01/unix/f2c/src/names.c:114:15:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	case TYVOID:	strcpy (buff, "void");		break;
data/iraf-2.16.1+2018.11.01/unix/f2c/src/names.c:115:17:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	case TYCILIST:	strcpy (buff, "cilist");	break;
data/iraf-2.16.1+2018.11.01/unix/f2c/src/names.c:116:18:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	case TYICILIST:	strcpy (buff, "icilist");	break;
data/iraf-2.16.1+2018.11.01/unix/f2c/src/names.c:117:16:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	case TYOLIST:	strcpy (buff, "olist");		break;
data/iraf-2.16.1+2018.11.01/unix/f2c/src/names.c:118:17:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	case TYCLLIST:	strcpy (buff, "cllist");	break;
data/iraf-2.16.1+2018.11.01/unix/f2c/src/names.c:119:16:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	case TYALIST:	strcpy (buff, "alist");		break;
data/iraf-2.16.1+2018.11.01/unix/f2c/src/names.c:120:17:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	case TYINLIST:	strcpy (buff, "inlist");	break;
data/iraf-2.16.1+2018.11.01/unix/f2c/src/names.c:121:17:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	case TYFTNLEN:	strcpy (buff, "ftnlen");	break;
data/iraf-2.16.1+2018.11.01/unix/f2c/src/names.c:122:11:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	default:	sprintf (buff, "BAD DECL '%d'", type);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/names.c:142:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char buf[64];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/names.c:245:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char buf[CONST_IDENT_MAX];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/names.c:256:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf (buf, "ci1_b%ld", litp -> litnum);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/names.c:258:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf (buf, "ci1_n%ld", -val);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/names.c:260:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf(buf, "ci1__%ld", val);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/names.c:265:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf (buf, "cs_b%ld", litp -> litnum);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/names.c:267:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf (buf, "cs_n%ld", -val);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/names.c:269:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf (buf, "cs__%ld", val);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/names.c:277:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf (buf, "c_b%ld", litp -> litnum);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/names.c:279:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf (buf, "c_n%ld", -val);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/names.c:281:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf (buf, "c__%ld", val);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/names.c:309:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf (buf, "c_b%ld", litp -> litnum);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/names.c:324:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char buf[12];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/names.c:326:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(buf, "%d", count);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/names.c:394:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy((char *)&cb.Const, (char *)&litp->litval,
data/iraf-2.16.1+2018.11.01/unix/f2c/src/names.c:511:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char *Extern[4] = {"", "Extern ", "extern "};
data/iraf-2.16.1+2018.11.01/unix/f2c/src/names.c:675:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char buf[USER_LABEL_MAX + 1];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/names.c:676:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char *Lfmt[2] = { "L_%ld", "L%ld" };
data/iraf-2.16.1+2018.11.01/unix/f2c/src/names.c:696:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char buf[IDENT_LEN];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/names.c:720:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char buf[IDENT_LEN];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/names.c:761:19:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
				c_file = of = fopen(outbuf,textwrite);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/output.c:130:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char opeqable[sizeof(opcode_table)/sizeof(table_entry)];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/output.c:474:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char real_buf[50], imag_buf[50];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/output.c:880:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[8], *s;
data/iraf-2.16.1+2018.11.01/unix/f2c/src/output.c:1415:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char buf[64];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/output.c:1424:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char tr_tab[Table_size];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/p1output.c:167:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cdsbuf0[64], cdsbuf1[64];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/parse_args.c:298:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char low_input[MAX_INPUT_SIZE];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/parse_args.c:357:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char low_prefix[MAX_INPUT_SIZE];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/parse_args.c:358:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char low_string[MAX_INPUT_SIZE];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/parse_args.c:495:7:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		L = atol(str);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/parse_args.c:506:7:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		L = atol(str);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/parse_args.c:517:20:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		*(long *)store = atol(str);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/parse_args.c:552:22:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char **place = (char **) arg_result_ptr (table[index]);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/pread.c:26:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
 static char Ptok[128], Pct[Table_size];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/pread.c:302:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[128], cbuf[128];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/pread.c:701:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char buf[128];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/pread.c:741:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf1[32], buf2[32];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/pread.c:762:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf1[32], buf2[32];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/pread.c:884:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if (!(pf = fopen(fname, textread))) {
data/iraf-2.16.1+2018.11.01/unix/f2c/src/proc.c:65:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[200];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/proc.c:175:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char base[MAXNAMELEN+4];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/proc.c:480:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[128], badname[64];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/proc.c:727:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	extern char dflttype[26];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/proc.c:797:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
			strcpy(rs->user.ident, "ret_val");
data/iraf-2.16.1+2018.11.01/unix/f2c/src/proc.c:1378:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cbuf[256], *s0;
data/iraf-2.16.1+2018.11.01/unix/f2c/src/proc.c:1682:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[256];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/put.c:282:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cdsbuf0[64], cdsbuf1[64], *ds[2];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/put.c:422:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
					memcpy(gmem(len,0), strp, len);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/putpcc.c:101:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
					memcpy(ei_next, ei_first, k);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/putpcc.c:530:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[80];			/* buffer for text of comment */
data/iraf-2.16.1+2018.11.01/unix/f2c/src/putpcc.c:1388:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[208], buf1[32], buf2[32];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/putpcc.c:1439:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[208], buf1[32], buf2[32];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/putpcc.c:1992:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char comment_buf[80];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/putpcc.c:2141:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(wh_next, wh_first, k);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/sysdep.c:141:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[64], *s, *t;
data/iraf-2.16.1+2018.11.01/unix/f2c/src/sysdep.c:144:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char volname[512], f2c[24], fsname[512], *name1;
data/iraf-2.16.1+2018.11.01/unix/f2c/src/sysdep.c:149:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	i = sprintf(f2c, "%x", _getpid());
data/iraf-2.16.1+2018.11.01/unix/f2c/src/sysdep.c:153:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(f2c, "f2c_");
data/iraf-2.16.1+2018.11.01/unix/f2c/src/sysdep.c:192:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char tdbuf[L_TDNAME];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/sysdep.c:209:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(tdbuf, "/tmp/f2ctd_XXXXXX");
data/iraf-2.16.1+2018.11.01/unix/f2c/src/sysdep.c:210:7:  [2] (tmpfile) mkstemp:
  Potential for temporary file vulnerability in some circumstances. Some
  older Unix-like systems create temp files with permission to write by all
  by default, so be sure to set the umask to override this. Also, some older
  Unix systems might fail to use O_EXCL when opening the file, so make sure
  that O_EXCL is used by the library (CWE-377).
		f = mkstemp(tdbuf);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/sysdep.c:225:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(tdbuf, "/tmp/f2ctd_XXXXXX");
data/iraf-2.16.1+2018.11.01/unix/f2c/src/sysdep.c:433:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char escapes[Table_size];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/sysdep.c:436:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char *str_fmt[Table_size];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/sysdep.c:437:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char *str0fmt[127] = { /*}*/
data/iraf-2.16.1+2018.11.01/unix/f2c/src/sysdep.c:439:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char *str_fmt[Table_size] = {
data/iraf-2.16.1+2018.11.01/unix/f2c/src/sysdep.c:460:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char *chr_fmt[Table_size];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/sysdep.c:461:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char *chr0fmt[127] = {	/*}*/
data/iraf-2.16.1+2018.11.01/unix/f2c/src/sysdep.c:463:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char *chr_fmt[Table_size] = {
data/iraf-2.16.1+2018.11.01/unix/f2c/src/sysdep.c:486:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char *str1fmt[6] =
data/iraf-2.16.1+2018.11.01/unix/f2c/src/sysdep.c:500:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(str_fmt[i] = s, "\\%03o", i);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/sysdep.c:596:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[200];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/sysdep.c:623:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char buf[32000];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/sysdep.c:649:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(mb->buf, x0, n = x-x0);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/sysdep.h:65:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
void *memcpy(), *memset();
data/iraf-2.16.1+2018.11.01/unix/f2c/src/sysdep.h:69:9:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
#ifndef atol
data/iraf-2.16.1+2018.11.01/unix/f2c/src/sysdep.h:70:10:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    long atol();
data/iraf-2.16.1+2018.11.01/unix/f2c/src/sysdeptest.c:14:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[16];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/sysdeptest.c:19:3:  [2] (tmpfile) mkstemp:
  Potential for temporary file vulnerability in some circumstances. Some
  older Unix-like systems create temp files with permission to write by all
  by default, so be sure to set the umask to override this. Also, some older
  Unix systems might fail to use O_EXCL when opening the file, so make sure
  that O_EXCL is used by the library (CWE-377).
		mkstemp(buf);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/vax.c:84:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cdsbuf0[64], cdsbuf1[64];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/vax.c:112:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char s[20];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/vax.c:123:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(s, "v.%ld", mem);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/vax.c:127:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(s, "L%ld", mem);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/vax.c:131:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(s, "q.%ld", mem+eqvstart);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/vax.c:392:20:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			d[i] = mkchain((char *)q, d[i]);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/xsum.c:226:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		x = open(s, O_RDONLY|O_BINARY);
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2gif.c:98:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	fname[SZ_FNAME];
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2gif.c:110:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		    ncols = px = atoi (argv[++i]);
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2gif.c:112:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		    nrows = py = atoi (argv[++i]);
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2gif.c:121:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		        red[0]   = atoi (argv[i]);
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2gif.c:126:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		        green[0] = atoi (argv[i]);
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2gif.c:131:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		        blue[0]  = atoi (argv[i]);
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2gif.c:137:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		        red[1]   = atoi (argv[i]);
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2gif.c:142:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		        green[1] = atoi (argv[i]);
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2gif.c:147:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		        blue[1]  = atoi (argv[i]);
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2gif.c:172:36:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
            fdi = (infile[index] ? fopen (infile[index], "r") : stdin);
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2gif.c:185:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		fdo = fopen (fname, "w+");
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2gif.c:444:39:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
#define tab_suffixof(i)    ((unsigned char *)(htab))[i]
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2gif.c:485:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char accum[256];     /* Define the storage for the packet accumulator */
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2svg.c:113:39:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                case 'w': width     = atoi (argv[++argno]); break;
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2svg.c:114:39:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                case 'h': height    = atoi (argv[++argno]); break;
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2svg.c:115:39:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                case 'p': pen_width = atoi (argv[++argno]); break;
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2svg.c:132:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	    in = fopen (infile, "r");
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2uapl.c:210:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	penparam[SZ_PENCMD];
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2uapl.c:276:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	    in = fopen (infile, "r");
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2uapl.c:483:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char	obuf[SZ_PENCMD+1];
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2uapl.c:520:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static	char buf[128];
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2uapl.c:521:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	hostname[32];
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2uapl.c:522:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	username[32];
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2ueps.c:192:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static	char progname[SZ_LINE+1];
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2ueps.c:214:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	penparam[SZ_PENCMD];
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2ueps.c:278:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	    in = fopen (infile, "r");
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2ueps.c:472:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char	obuf[SZ_PENCMD+1];
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2uhpgl.c:74:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	    in = fopen (infile, "r");
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2uhplj.c:129:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	    in = fopen (infile, "r");
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2uhplj.c:158:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf_rast [SZ_RAST];
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2uhplj.c:218:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char obuf [SZ_VECT];
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2uimp.c:75:48:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
#define DECL_OBUF	register char *op; char *np; char obuf[SZ_OBUF+1];
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2uimp.c:111:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	penparam[SZ_PENPARAM];
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2uimp.c:171:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	    in = fopen (infile, "r");
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2uptx.c:27:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
   px = atoi (argv[1]);
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2uptx.c:28:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
   py = atoi (argv[2]);
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2uptx.c:35:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
      fpi = fopen (argv[index], "r");
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2uqms.c:97:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	penparam[SZ_PENCMD];
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2uqms.c:157:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	    in = fopen (infile, "r");
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2uqms.c:286:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char	obuf[SZ_PENCMD+1];
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2xbm.c:74:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    px = atoi (argv[++i]);
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2xbm.c:76:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    py = atoi (argv[++i]);
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2xbm.c:97:35:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
            fd = (infile[index] ? fopen (infile[index], "r") : stdin);
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgiUtil.c:62:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static   unsigned char  temp[4];
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgiUtil.c:98:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char    b[2];
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgiUtil.c:127:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            temp_val = atoi (argv[++argno]);
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgiUtil.c:129:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        temp_val = atoi (argv[argno]+2);
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgidispatch.c:38:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	tpath[SZ_PATHNAME+1];
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgidispatch.c:39:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	translator[SZ_PATHNAME+1];
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgidispatch.c:52:6:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	    strcat (translator, ".e");
data/iraf-2.16.1+2018.11.01/unix/hlib/config.h:4:29:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
define	FIRST_FD	10		# first open file descriptor
data/iraf-2.16.1+2018.11.01/unix/hlib/config.h:34:32:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
define	MAX_CLGFILPAR	10		# max open params for CLGFIL
data/iraf-2.16.1+2018.11.01/unix/hlib/config.h:41:33:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
define	MT_MAXTAPES	2		# maximum open tape drives
data/iraf-2.16.1+2018.11.01/unix/hlib/iraf32.h:138:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
define	open	xfopen
data/iraf-2.16.1+2018.11.01/unix/hlib/iraf64.h:139:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
define	open	xfopen
data/iraf-2.16.1+2018.11.01/unix/hlib/libc/finfo.h:16:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	fi_owner[SZ_OWNERSTR*sizeof(XLONG)];
data/iraf-2.16.1+2018.11.01/unix/hlib/libc/libc.h:55:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
#define	atoi		u_atoi
data/iraf-2.16.1+2018.11.01/unix/hlib/libc/libc.h:56:9:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
#define	atol		u_atol
data/iraf-2.16.1+2018.11.01/unix/hlib/libc/libc.h:65:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
#define	fopen		u_fopen
data/iraf-2.16.1+2018.11.01/unix/hlib/libc/libc.h:134:24:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
extern struct _iobuf  *fopen (char *fname, char *modestr);
data/iraf-2.16.1+2018.11.01/unix/hlib/libc/libc.h:161:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
extern int	atoi (char *str);
data/iraf-2.16.1+2018.11.01/unix/hlib/libc/libc.h:254:13:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
extern long	atol (char *str);
data/iraf-2.16.1+2018.11.01/unix/hlib/libc/stdio.h:94:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
FILE	*fopen();
data/iraf-2.16.1+2018.11.01/unix/os/alloc.c:49:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char f_name[SZ_FNAME];		/* file name			*/
data/iraf-2.16.1+2018.11.01/unix/os/alloc.c:252:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((ufp = fopen ("/var/run/utmp", "r")) == NULL) {
data/iraf-2.16.1+2018.11.01/unix/os/getproc.c:19:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fname[256];
data/iraf-2.16.1+2018.11.01/unix/os/irafpath.c:27:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static	char pathname[SZ_PATHNAME+1];
data/iraf-2.16.1+2018.11.01/unix/os/irafpath.c:61:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy ((char *)ldir, "host");
data/iraf-2.16.1+2018.11.01/unix/os/irafpath.c:65:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy ((char *)ldir, "iraf");
data/iraf-2.16.1+2018.11.01/unix/os/irafpath.c:73:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat (pathname, "bin");
data/iraf-2.16.1+2018.11.01/unix/os/irafpath.c:82:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat (pathname, "hlib/");
data/iraf-2.16.1+2018.11.01/unix/os/irafpath.c:90:6:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	    strcat (pathname, "bin.");
data/iraf-2.16.1+2018.11.01/unix/os/irafpath.c:100:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat (pathname, "bin/");
data/iraf-2.16.1+2018.11.01/unix/os/irafpath.c:107:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat (pathname, "lib/");
data/iraf-2.16.1+2018.11.01/unix/os/net/ghostent.c:19:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char	line[LINSIZ+1];
data/iraf-2.16.1+2018.11.01/unix/os/net/ghostent.c:20:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char	hostaddr[MAXADDRSIZE];
data/iraf-2.16.1+2018.11.01/unix/os/net/ghostent.c:22:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char	*host_aliases[MAXALIASES];
data/iraf-2.16.1+2018.11.01/unix/os/net/hostdb.c:22:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static	char hostdb[SZ_FNAME+1] = HOSTDB;
data/iraf-2.16.1+2018.11.01/unix/os/net/hostdb.c:34:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy ((char *)osfn, "/etc/hosts");
data/iraf-2.16.1+2018.11.01/unix/os/net/in.h:118:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	sin_zero[8];
data/iraf-2.16.1+2018.11.01/unix/os/net/kutil.c:176:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static	char buf[15];
data/iraf-2.16.1+2018.11.01/unix/os/net/kutil.c:279:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy ((char *)pkname, "LOGNAME");
data/iraf-2.16.1+2018.11.01/unix/os/net/kutil.c:285:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy (osfn, ":udd:");
data/iraf-2.16.1+2018.11.01/unix/os/net/rexec.c:151:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char lbuf[80];
data/iraf-2.16.1+2018.11.01/unix/os/net/socket.h:53:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	sa_data[14];		/* up to 14 bytes of direct address */
data/iraf-2.16.1+2018.11.01/unix/os/net/zfioks.c:60:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	username[SZ_NAME+1], password[SZ_NAME+1];
data/iraf-2.16.1+2018.11.01/unix/os/net/zfioks.c:123:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	fname[SZ_FNAME+1];
data/iraf-2.16.1+2018.11.01/unix/os/net/zfioks.c:124:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char