Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/king-probe-2.16.160404+git20200121.9b198c1/abin.c
Examining data/king-probe-2.16.160404+git20200121.9b198c1/abin.h
Examining data/king-probe-2.16.160404+git20200121.9b198c1/atomprops.c
Examining data/king-probe-2.16.160404+git20200121.9b198c1/atomprops.h
Examining data/king-probe-2.16.160404+git20200121.9b198c1/autobondrot.c
Examining data/king-probe-2.16.160404+git20200121.9b198c1/autobondrot.h
Examining data/king-probe-2.16.160404+git20200121.9b198c1/dots.c
Examining data/king-probe-2.16.160404+git20200121.9b198c1/dots.h
Examining data/king-probe-2.16.160404+git20200121.9b198c1/geom3d.c
Examining data/king-probe-2.16.160404+git20200121.9b198c1/geom3d.h
Examining data/king-probe-2.16.160404+git20200121.9b198c1/hybrid_36_c.c
Examining data/king-probe-2.16.160404+git20200121.9b198c1/hybrid_36_c.h
Examining data/king-probe-2.16.160404+git20200121.9b198c1/parse.c
Examining data/king-probe-2.16.160404+git20200121.9b198c1/parse.h
Examining data/king-probe-2.16.160404+git20200121.9b198c1/probe.c
Examining data/king-probe-2.16.160404+git20200121.9b198c1/probe.h
Examining data/king-probe-2.16.160404+git20200121.9b198c1/readPDBrecs.c
Examining data/king-probe-2.16.160404+git20200121.9b198c1/readPDBrecs.h
Examining data/king-probe-2.16.160404+git20200121.9b198c1/select.c
Examining data/king-probe-2.16.160404+git20200121.9b198c1/select.h
Examining data/king-probe-2.16.160404+git20200121.9b198c1/stdconntable.c
Examining data/king-probe-2.16.160404+git20200121.9b198c1/stdconntable.h
Examining data/king-probe-2.16.160404+git20200121.9b198c1/utility.c
Examining data/king-probe-2.16.160404+git20200121.9b198c1/utility.h
FINAL RESULTS:
data/king-probe-2.16.160404+git20200121.9b198c1/parse.c:462:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msg,"syntax: unknown identifier: %s", s);
data/king-probe-2.16.160404+git20200121.9b198c1/parse.c:743:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(SymTable[LastSymEntry].lexptr, s);
data/king-probe-2.16.160404+git20200121.9b198c1/parse.c:927:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(formatstring,"%s\"%s\"", s, lexString(tokenval));
data/king-probe-2.16.160404+git20200121.9b198c1/parse.c:930:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(formatstring,"%s%d", s, tokenval);
data/king-probe-2.16.160404+git20200121.9b198c1/parse.c:933:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(formatstring,"%s%g", s, realtokval);
data/king-probe-2.16.160404+git20200121.9b198c1/parse.c:936:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(formatstring,"%sNOT", s);
data/king-probe-2.16.160404+git20200121.9b198c1/parse.c:939:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(formatstring,"%sWITHIN", s);
data/king-probe-2.16.160404+git20200121.9b198c1/parse.c:942:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(formatstring,"%s(end of pattern)", s);
data/king-probe-2.16.160404+git20200121.9b198c1/parse.c:945:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(formatstring,"%s\'%c\'", s, lookahead);
data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:517:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message, "For more information see %s", electronicReference);
data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:834:16: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(extrastr,"%s",groupLabel?groupLabel:"dots"); /*060129*/
data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:908:23: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(extrastr,"%s",groupLabel?groupLabel:"dots"); /*060129*/
data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:989:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(extrastr,"%s",groupLabel?groupLabel:"dots"); /*060129*/
data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:1048:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(extrastr,"%s",groupLabel?groupLabel:"dots"); /*060129*/
data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:1119:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(extrastr,"%s",groupLabel?groupLabel:"dots"); /*060129*/
data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:1180:7: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(outf,(dontQuote?" %s":" \"%s\""), argv[i]);
data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:1896:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message, "%s flag instead of filename after -AUTObondrot", p);
data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:1911:21: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message, "could not open -AUTOBONDROT file: %s", p);
data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:1925:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message, "Please cite: %s", referenceString);
data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:1927:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message, "For more information see %s", electronicReference);
data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:1938:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message, "unrecognized flag, %s", p);
data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:1971:11: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(inputfilename,p); /*dcr041023*/
data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:1978:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message, "could not open file %d: %s", file, p);
data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:1998:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(inputfilename,p); /*dcr041023*/
data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:2005:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message, "could not open file %d: %s", file, p);
data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:2291:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(prevChain, a->r->chain);
data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:2344:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(prevChain, a->r->chain);
data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:2602:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msg, "atom %s will be treated as oxygen", a->atomname);
data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:4823:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(extraMstr," master={%s}",extrastr);
data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:5078:16: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(pointid, "%s%c%s%s%c%s %s%c%s%s%c%s GAP %6.3f",
data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:5088:16: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(pointid, "%s%c%s%s%c%s",
data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:5096:16: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lastpointid, pointid);
data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:5533:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(sourceCurStart,"%s%4.4s%c%s %s%c",source->r->chain,source->r->Hy36resno,
data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:5542:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(sourceCurEnd,"%s%4.4s%c%s %s%c",source->r->chain,source->r->Hy36resno,
data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:5569:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(minTarget,"%s%4.4s%c%s %s%c",target->r->chain,target->r->Hy36resno,
data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:5579:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(jTarget,"%s%4.4s%c%s %s%c",target->r->chain,target->r->Hy36resno,
data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:5584:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(minTarget,jTarget);
data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:5616:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(prevTarget,"%s%4.4s%c%s %s%c",target->r->chain,target->r->Hy36resno,
data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:5621:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(nextTarget,"%s%4.4s%c%s %s%c",target->r->chain,target->r->Hy36resno,
data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:6652:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message,"%s",inputfilename);
data/king-probe-2.16.160404+git20200121.9b198c1/abin.h:61:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char atomname[5];
data/king-probe-2.16.160404+git20200121.9b198c1/abin.h:84:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Hy36resno[5]; /* Hybrid 36 residue number */
data/king-probe-2.16.160404+git20200121.9b198c1/abin.h:87:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char segid[5]; /* segment identifier */
data/king-probe-2.16.160404+git20200121.9b198c1/abin.h:88:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char resname[5]; /* residue name */
data/king-probe-2.16.160404+git20200121.9b198c1/abin.h:91:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char chain[5]; /* peptide chain code */
data/king-probe-2.16.160404+git20200121.9b198c1/atomprops.c:78:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char resn[6];
data/king-probe-2.16.160404+git20200121.9b198c1/atomprops.c:79:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[5] = " ";
data/king-probe-2.16.160404+git20200121.9b198c1/atomprops.c:81:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(resn, ":%-3.3s:", resname);
data/king-probe-2.16.160404+git20200121.9b198c1/atomprops.c:387:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char warnstr[5]={'_','_','_','_','\0'}; /*dcr041007*/
data/king-probe-2.16.160404+git20200121.9b198c1/atomprops.c:388:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char warnresn[5]={'_','_','_','_','\0'}; /*rmi070719*/
data/king-probe-2.16.160404+git20200121.9b198c1/autobondrot.c:56:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char XFworkBuf[MAX_XF_REC_LEN + 1];
data/king-probe-2.16.160404+git20200121.9b198c1/autobondrot.c:143:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if2 = fopen(s+1, "r");
data/king-probe-2.16.160404+git20200121.9b198c1/autobondrot.c:943:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
n = sprintf(p, "%g ", xdb->level[i]->currVal);
data/king-probe-2.16.160404+git20200121.9b198c1/hybrid_36_c.c:65:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[16];
data/king-probe-2.16.160404+git20200121.9b198c1/parse.c:27:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char lexbuf[LXBUFSZ+1] = {0};
data/king-probe-2.16.160404+git20200121.9b198c1/parse.c:28:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char Lexemes[LEXSTRINGMAX] = {0};
data/king-probe-2.16.160404+git20200121.9b198c1/parse.c:144:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[100];
data/king-probe-2.16.160404+git20200121.9b198c1/parse.c:151:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[100];
data/king-probe-2.16.160404+git20200121.9b198c1/parse.c:461:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[200];
data/king-probe-2.16.160404+git20200121.9b198c1/parse.c:565:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[100];
data/king-probe-2.16.160404+git20200121.9b198c1/parse.c:616:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[100];
data/king-probe-2.16.160404+git20200121.9b198c1/parse.c:619:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msg,"expect match code: %d", t);
data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:192:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char inputfilename[256]; /*dcr041023 global, subroutines can report it*/
data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:246:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[200];
data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:270:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message, "No atom data in input.");
data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:279:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message, "density: %g, probe radius: %g, maxBonded: %d",
data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:282:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message, "regular HB cutoff: %g, charged HB cutoff: %g",
data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:285:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message,
data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:290:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message, "Add %g to VDW Rradius",
data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:295:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message, "Scale VDW Rradius by %g",
data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:299:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message, "C=O carbon VDW scaled by %.3f to a radius of %g A",
data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:303:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message, "Score Weights: gapWt=%g, bumpWt=%g, HBWt=%g",
data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:308:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message, "draw spike, len: %g", spikelen);
data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:315:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message, "CH..O type hbonds recognized (scale factor %g)", CHOHBfactor);
data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:394:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message, "specified src model==%d", modelSrc);
data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:402:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message, "specified targ model==%d", modelTarg);
data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:698:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char extrastr[32]; /*060129 for extra master to control orig vs fitted dots*/
data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:1443:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *p, message[200];
data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:1532:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message, "invalid scale factor: -scalevdw%g",
data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:1541:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message, "invalid vdw offset: -addvdw%g",
data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:1682:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message,
data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:1902:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
inf = fopen(p, "r"); /*p holds autobondrot input file name*/
data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:1968:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
inf = fopen(p, "r");
data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:1995:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
inf = fopen(p, "r");
data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:2262:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prevChain[5];
data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:2310:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prevChain[5];
data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:2574:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[100];
data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:4776:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ptm[2] = {' ','\0'}; /*20120120dcr ptmaster for bval*/
data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:4784:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *mast[NODEWIDTH] = {"wide contact", "close contact", "weak H-bonds", "small overlap", "bad overlap",
data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:4788:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char extraMstr[32]; /*fill below with extra master name 060129*/
data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:4789:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pointid[100], lastpointid[100];
data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:4790:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ptmast[7]={'\0','\0','\0','\0','\0','\0','\0'}; /*111020dcr 6 to 7 */
data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:4797:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char gapnamestr[22] =
data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:4805:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char strcName[6]; /*first nendstr char of inputfilename 20120120dcr*/
data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:5270:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *mast[NODEWIDTH] = {"WC", "CC", "WH", "SO", "BO", "WO", "HB"}; /* 04/15/2015 SJ changed to match new NODEWIDTH, see probe.h*/
data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:5334:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *mast[NODEWIDTH] = {"wide contact", "close contact", "weak H-bonds", "small overlap", "bad overlap", "worse overlap", "H-bonds"};
data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:5418:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *mast[NODEWIDTH] = {"wc","cc","wh","so","bo","wo","hb"}; /* 04/10/2015 SJ to changed to match new categories of weak H bonds and worse overlap (these lists are made only if LweakHbonds and LworseOverlap are true respectively). see NODEWIDTH probe.h*/
data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:5521:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sourceCurStart[20],sourceCurEnd[20];
data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:5527:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char minTarget[20],jTarget[20],prevTarget[20],nextTarget[20];
data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:5670:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *mast[NODEWIDTH] = {"wide_contact","close_contact","weak_H-bond","small_overlap","bad_overlap","worse_overlap","H-bond"};
data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:6282:24: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(newH->atomname, " H? ");
data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:6548:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[200];
data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:6658:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message,":CONTACT: WIDE : CLOSE : weak H-bonds : SMALL : BAD : WORSE : H-BOND :\n");
data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:6660:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message,":MCMC :%9ld :%9ld :%9ld :%9ld :%9ld :%9ld :%9ld :"
data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:6664:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message,":SCSC :%9ld :%9ld :%9ld :%9ld :%9ld :%9ld :%9ld :"
data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:6668:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message,":MCSC :%9ld :%9ld :%9ld :%9ld :%9ld :%9ld :%9ld :"
data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:6672:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message,":OTHER :%9ld :%9ld :%9ld :%9ld :%9ld :%9ld :%9ld :"
data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:6676:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message,":SUM :%9ld :%9ld :%9ld :%9ld :%9ld :%9ld :%9ld :"
data/king-probe-2.16.160404+git20200121.9b198c1/readPDBrecs.c:21:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char globPDBrec[PDBRECSIZE + 1];
data/king-probe-2.16.160404+git20200121.9b198c1/readPDBrecs.c:48:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char linecard[5];
data/king-probe-2.16.160404+git20200121.9b198c1/select.c:677:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
default: { char msg[100];
data/king-probe-2.16.160404+git20200121.9b198c1/select.c:678:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msg, "unknown pattern type: %d", pat->type);
data/king-probe-2.16.160404+git20200121.9b198c1/stdconntable.c:2642:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char querystring[10], *p;
data/king-probe-2.16.160404+git20200121.9b198c1/atomprops.c:405:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(atstr)==1)
data/king-probe-2.16.160404+git20200121.9b198c1/parse.c:730:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(s);
data/king-probe-2.16.160404+git20200121.9b198c1/parse.c:815:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
((strlen(lexString(pat->val))<3)?"*":""));
data/king-probe-2.16.160404+git20200121.9b198c1/parse.c:822:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
((strlen(lexString(pat->val))<4)?"*":""));
data/king-probe-2.16.160404+git20200121.9b198c1/parse.c:826:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
((strlen(lexString(pat->val))<4)?"*":""));
data/king-probe-2.16.160404+git20200121.9b198c1/parse.c:833:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
((strlen(lexString(pat->val))<3)?"*":""));
data/king-probe-2.16.160404+git20200121.9b198c1/readPDBrecs.c:56:8: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch = getc(inf);
data/king-probe-2.16.160404+git20200121.9b198c1/readPDBrecs.c:101:11: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch = getc(inf);
data/king-probe-2.16.160404+git20200121.9b198c1/readPDBrecs.c:120:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return (strncmp(line, "ATOM", 4) == 0) && (strlen(line) >= 47);
data/king-probe-2.16.160404+git20200121.9b198c1/readPDBrecs.c:128:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return (strncmp(line, "HETA", 4) == 0) && (strlen(line) >= 47);
data/king-probe-2.16.160404+git20200121.9b198c1/readPDBrecs.c:143:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return (strncmp(line, "TER", 3) == 0) && (strlen(line) >= 27);
data/king-probe-2.16.160404+git20200121.9b198c1/readPDBrecs.c:151:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return (strncmp(line, "MODEL", 5) == 0) && (strlen(line) >= 14);
data/king-probe-2.16.160404+git20200121.9b198c1/readPDBrecs.c:255:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int reclen = strlen(line);
data/king-probe-2.16.160404+git20200121.9b198c1/select.c:641:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
case CHAIN_NODE: lp = strlen(lexString(pat->val));
data/king-probe-2.16.160404+git20200121.9b198c1/select.c:648:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
case RTYPE_NODE: lp = strlen(lexString(pat->val));
data/king-probe-2.16.160404+git20200121.9b198c1/select.c:653:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
case ANAME_NODE: lp = strlen(lexString(pat->val));
data/king-probe-2.16.160404+git20200121.9b198c1/select.c:656:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
case SEGID_NODE: lp = strlen(lexString(pat->val));
data/king-probe-2.16.160404+git20200121.9b198c1/utility.c:129:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
max = strlen(arg);
ANALYSIS SUMMARY:
Hits = 131
Lines analyzed = 15037 in approximately 0.63 seconds (23946 lines/second)
Physical Source Lines of Code (SLOC) = 11934
Hits@level = [0] 674 [1] 18 [2] 73 [3] 0 [4] 40 [5] 0
Hits@level+ = [0+] 805 [1+] 131 [2+] 113 [3+] 40 [4+] 40 [5+] 0
Hits/KSLOC@level+ = [0+] 67.4543 [1+] 10.977 [2+] 9.46874 [3+] 3.35177 [4+] 3.35177 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.