Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/librsl-1.43/sort_rays.c
Examining data/librsl-1.43/dorade.c
Examining data/librsl-1.43/nsig.h
Examining data/librsl-1.43/radtec_to_radar.c
Examining data/librsl-1.43/rapic_to_radar.c
Examining data/librsl-1.43/rapic.c
Examining data/librsl-1.43/interp.c
Examining data/librsl-1.43/radtec.c
Examining data/librsl-1.43/uf_to_radar.c
Examining data/librsl-1.43/ray_indexes.c
Examining data/librsl-1.43/dorade_to_radar.c
Examining data/librsl-1.43/gts.c
Examining data/librsl-1.43/cappi.c
Examining data/librsl-1.43/range.c
Examining data/librsl-1.43/wsr88d.c
Examining data/librsl-1.43/rapic_routines.c
Examining data/librsl-1.43/africa.c
Examining data/librsl-1.43/nsig2_to_radar.c
Examining data/librsl-1.43/carpi.c
Examining data/librsl-1.43/africa_to_radar.c
Examining data/librsl-1.43/wsr88d_get_site.c
Examining data/librsl-1.43/dorade_print.c
Examining data/librsl-1.43/mcgill.c
Examining data/librsl-1.43/wsr88d_to_radar.c
Examining data/librsl-1.43/rapic.h
Examining data/librsl-1.43/nsig.c
Examining data/librsl-1.43/lassen_to_radar.c
Examining data/librsl-1.43/rapic-lex.c
Examining data/librsl-1.43/examples/bscan.c
Examining data/librsl-1.43/examples/any_to_uf.c
Examining data/librsl-1.43/examples/sector.c
Examining data/librsl-1.43/examples/cappi_image.c
Examining data/librsl-1.43/examples/any_to_ufgz.c
Examining data/librsl-1.43/examples/qlook.c
Examining data/librsl-1.43/examples/wsr_hist_uf_test.c
Examining data/librsl-1.43/examples/qlook_usage.c
Examining data/librsl-1.43/examples/wsr88d_to_gif.c
Examining data/librsl-1.43/examples/dorade_main.c
Examining data/librsl-1.43/examples/print_hash_table.c
Examining data/librsl-1.43/examples/any_to_gif.c
Examining data/librsl-1.43/examples/lassen_to_gif.c
Examining data/librsl-1.43/examples/killer_sweep.c
Examining data/librsl-1.43/examples/any_to_ppm.c
Examining data/librsl-1.43/examples/kwaj_subtract_one_day.c
Examining data/librsl-1.43/examples/test_get_win.c
Examining data/librsl-1.43/examples/print_header_info.c
Examining data/librsl-1.43/examples/adjust_gate_size.c
Examining data/librsl-1.43/mcgill.h
Examining data/librsl-1.43/radtec.h
Examining data/librsl-1.43/fraction.c
Examining data/librsl-1.43/radar_to_hdf_1.c
Examining data/librsl-1.43/fix_headers.c
Examining data/librsl-1.43/nsig_to_radar.c
Examining data/librsl-1.43/rainbow_to_radar.c
Examining data/librsl-1.43/reverse.c
Examining data/librsl-1.43/lassen.h
Examining data/librsl-1.43/gzip.c
Examining data/librsl-1.43/get_win.c
Examining data/librsl-1.43/toolkit_1BC-51_appl.h
Examining data/librsl-1.43/rapic_routines.h
Examining data/librsl-1.43/africa.h
Examining data/librsl-1.43/rainbow.h
Examining data/librsl-1.43/rainbow.c
Examining data/librsl-1.43/toga.c
Examining data/librsl-1.43/wsr88d_m31.c
Examining data/librsl-1.43/toga.h
Examining data/librsl-1.43/toolkit_memory_mgt.c
Examining data/librsl-1.43/cube.c
Examining data/librsl-1.43/radar_to_hdf_2.c
Examining data/librsl-1.43/volume.c
Examining data/librsl-1.43/hdf_to_radar.c
Examining data/librsl-1.43/farea.c
Examining data/librsl-1.43/lassen.c
Examining data/librsl-1.43/toga_to_radar.c
Examining data/librsl-1.43/mcgill_to_radar.c
Examining data/librsl-1.43/histogram.c
Examining data/librsl-1.43/prune.c
Examining data/librsl-1.43/dorade.h
Examining data/librsl-1.43/endian.c
Examining data/librsl-1.43/image_gen.c
Examining data/librsl-1.43/anyformat_to_radar.c
Examining data/librsl-1.43/radar.c
Examining data/librsl-1.43/radar_to_uf.c
Examining data/librsl-1.43/read_write.c
Examining data/librsl-1.43/rsl.h
Examining data/librsl-1.43/wsr88d.h

FINAL RESULTS:

data/librsl-1.43/dorade_to_radar.c:91:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(skipped_list[nskipped], prtname);
data/librsl-1.43/examples/any_to_gif.c:151:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(&fname[j], "_%s_%s.gif", RSL_ftype[i], time_string);
data/librsl-1.43/examples/any_to_gif.c:156:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(&fname[j], "_%s_%s", RSL_ftype[i], time_string);
data/librsl-1.43/examples/any_to_ppm.c:65:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(fname, "%s_sweep.ppm", RSL_ftype[i]);
data/librsl-1.43/examples/any_to_ppm.c:69:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(fname, "%s_sweep", RSL_ftype[i]);
data/librsl-1.43/examples/qlook.c:36:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(pathname, filename);
data/librsl-1.43/examples/qlook.c:39:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(pathname, dir);
data/librsl-1.43/examples/qlook.c:41:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(pathname, filename);
data/librsl-1.43/examples/qlook.c:521:11: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(filename,"qc_%s_%2.2d.%s", time_string,i,file_suffix);
data/librsl-1.43/examples/qlook.c:528:11: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf.
  sprintf(filename,"qc_%s_%2.2d.%s", time_string,i,file_suffix);
data/librsl-1.43/examples/qlook.c:548:11: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(filename,"dz_%s_%2.2d.%s",
data/librsl-1.43/examples/qlook.c:556:11: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(filename,"dz_%s_%2.2d.%s", time_string,i,file_suffix);
data/librsl-1.43/examples/qlook.c:579:11: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(filename,"zt_%s_%2.2d.%s",
data/librsl-1.43/examples/qlook.c:587:11: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(filename,"zt_%s_%2.2d.%s",
data/librsl-1.43/examples/qlook.c:613:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(filename,"dr_%s_%2.2d.%s",
data/librsl-1.43/examples/qlook.c:621:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(filename,"dr_%s_%2.2d.%s",
data/librsl-1.43/examples/qlook.c:643:11: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(filename,"vr_%s_%2.2d.%s", time_string,i,file_suffix);
data/librsl-1.43/examples/qlook.c:650:11: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(filename,"vr_%s_%2.2d.%s", time_string,i,file_suffix);
data/librsl-1.43/examples/qlook.c:670:11: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(filename,"sw_%s_%2.2d.%s",
data/librsl-1.43/examples/qlook.c:678:11: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf.
  sprintf(filename,"sw_%s_%2.2d.%s",
data/librsl-1.43/examples/qlook.c:691:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(filename,"%s_%s.%s",site_id, time_string,"uf.gz");
data/librsl-1.43/examples/qlook_usage.c:35:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  case 's': strcpy(site_id, optarg); break;
data/librsl-1.43/examples/qlook_usage.c:36:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  case 't': strcpy(tape_id, optarg); break;
data/librsl-1.43/examples/qlook_usage.c:79:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  case 'G': strcpy(gifdir, optarg); break;
data/librsl-1.43/examples/qlook_usage.c:80:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  case 'P': strcpy(pgmdir, optarg); break;
data/librsl-1.43/examples/qlook_usage.c:81:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  case 'U': strcpy(ufdir, optarg); break;
data/librsl-1.43/examples/qlook_usage.c:132:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(in_file, argv[optind]);
data/librsl-1.43/gzip.c:65:8: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  rc = system(cmd);
data/librsl-1.43/gzip.c:82:11: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  fpipe = popen("gzip -q -d -f --stdout", "r");
data/librsl-1.43/gzip.c:103:11: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  fpipe = popen("gzip -q -1 -c", "w");
data/librsl-1.43/hdf_to_radar.c:640:6: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  if (sscanf(comments, parseString, record[0], record[1]) != nrecords)
data/librsl-1.43/hdf_to_radar.c:654:7: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  if (sscanf(spointer, parseString, &vs->tk.nray[tk_sindex],
data/librsl-1.43/image_gen.c:65:14: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  extern FILE *popen(const char *, const char *);
data/librsl-1.43/image_gen.c:522:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  (void)sprintf(pipecmd, "ppmtogif > %s 2>/dev/null", outfile);
data/librsl-1.43/image_gen.c:523:11: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  fpipe = popen(pipecmd, "w"); /* Global FILE * */
data/librsl-1.43/image_gen.c:563:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  (void)sprintf(pipecmd, "ppmtopict > %s 2>/dev/null", outfile);
data/librsl-1.43/image_gen.c:564:11: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  fpipe = popen(pipecmd, "w"); /* Global FILE * */
data/librsl-1.43/image_gen.c:612:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  (void)sprintf(pipecmd, "gzip > %s.gz 2>/dev/null", outfile);
data/librsl-1.43/image_gen.c:613:11: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  fpipe = popen(pipecmd, "w"); /* Global FILE * */
data/librsl-1.43/image_gen.c:772:8: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  (void)sprintf(outfile,"%s.%2.2d.gif", basename, i); /* File name: sweep.[0-10] */
data/librsl-1.43/image_gen.c:820:8: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  (void)sprintf(outfile,"%s.%2.2d.pict", basename, i); /* File name: sweep.[0-10] */
data/librsl-1.43/image_gen.c:865:8: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  (void)sprintf(outfile,"%s.%2.2d.ppm", basename, i); /* File name: sweep.[0-10] */
data/librsl-1.43/image_gen.c:905:8: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  (void)sprintf(outfile,"%s.%2.2d.pgm", basename, i); /* File name: sweep.[0-10] */
data/librsl-1.43/nsig_to_radar.c:465:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(radar->h.radar_type, "%s", radar_type);
data/librsl-1.43/radar_to_hdf_1.c:407:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  else strcpy(buf, tkMetaDataString.GenInputDate);
data/librsl-1.43/radar_to_hdf_2.c:731:2: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(comments, buf);
data/librsl-1.43/radar_to_hdf_2.c:736:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(comments, buf);
data/librsl-1.43/radar_to_hdf_2.c:741:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(comments, buf);
data/librsl-1.43/radar_to_hdf_2.c:754:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(comments, buf);
data/librsl-1.43/rainbow.c:63:5: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  sscanf(substr, ": %s", string);
data/librsl-1.43/rainbow.c:124:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(rainbow_header->radarname, get_param_string(buf));
data/librsl-1.43/rainbow_to_radar.c:137:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(radar->h.radar_name, rainbow_hdr.radarname);
data/librsl-1.43/rapic.c:913:21: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  # define YYFPRINTF fprintf
data/librsl-1.43/rapic.c:1633:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(radar->h.name, "%s", rh.namestr);
data/librsl-1.43/rapic.c:1634:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(radar->h.radar_name, "%s", rh.namestr);
data/librsl-1.43/read_write.c:317:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  (void)sprintf(title, "RSL v%s. sizeof(Range) %d", VERSION, sizeof(Range));
data/librsl-1.43/wsr88d_get_site.c:54:16: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  scan_count=sscanf(line,"%d %s %s %s %d %d %d %d %d %d %d",&in_number,in_site,in_city,in_state,&in_latd,&in_latm,&in_lats,&in_lond,&in_lonm,&in_lons,&in_height);
data/librsl-1.43/examples/any_to_gif.c:52:15: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt(argc, argv, "x:r:b:vV")) != -1)
data/librsl-1.43/examples/any_to_uf.c:20:15: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt(argc, argv, "f:")) != -1)
data/librsl-1.43/examples/any_to_ufgz.c:20:15: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt(argc, argv, "f:")) != -1)
data/librsl-1.43/examples/killer_sweep.c:87:11: [3] (random) drand48: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  drand = drand48()*1;
data/librsl-1.43/examples/print_header_info.c:24:15: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt(argc, argv, "vf:")) != -1)
data/librsl-1.43/examples/qlook_usage.c:24:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt(argc, argv, "vgpus:t:n:x:y:r:o:a:ADCQTWVG:P:U:")) != -1) {
data/librsl-1.43/examples/wsr_hist_uf_test.c:38:15: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt(argc, argv, "s:")) != -1)
data/librsl-1.43/africa.c:131:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ray, buf, sizeof(Africa_buffer));
data/librsl-1.43/africa_to_radar.c:74:7: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen(infile, "r");
data/librsl-1.43/africa_to_radar.c:154:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(radar->h.radar_type, "south_africa");
data/librsl-1.43/africa_to_radar.c:155:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(radar->h.name, "SAFRICA");
data/librsl-1.43/africa_to_radar.c:156:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(radar->h.radar_name, "SAFRICA");
data/librsl-1.43/africa_to_radar.c:157:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(radar->h.city, "I don't know");
data/librsl-1.43/africa_to_radar.c:158:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(radar->h.state, "??");
data/librsl-1.43/africa_to_radar.c:159:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(radar->h.country, "South Africa");
data/librsl-1.43/anyformat_to_radar.c:60:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char magic[11];
data/librsl-1.43/anyformat_to_radar.c:62:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fp = fopen(infile, "r")) == NULL) {
data/librsl-1.43/anyformat_to_radar.c:71:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(magic_str, magic, sizeof(magic));
data/librsl-1.43/dorade.h:28:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char code[4];
data/librsl-1.43/dorade.h:34:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char code[4]; /* Code identifier for the volume descriptor. (4 ASCII "VOLD") */
data/librsl-1.43/dorade.h:39:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char project_name[20]; /* Project name. (20 ASCII) */
data/librsl-1.43/dorade.h:46:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char flight_num[8]; /* Flight number (8 ASCII) for airborne raar or IOP number
data/librsl-1.43/dorade.h:48:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char facility_name[8]; /* Generation facility. (8 ASCII) */
data/librsl-1.43/dorade.h:56:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char code[4]; /* Code identifier for the radar descriptor. (4 ASCII "RADD") */
data/librsl-1.43/dorade.h:58:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char radar_name[8]; /* Radar name. (8 ASCII) */
data/librsl-1.43/dorade.h:128:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char code[4]; /* Code identifier. (4 ASCII "PARM") */
data/librsl-1.43/dorade.h:130:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[8]; /* Name of the parameter. */
data/librsl-1.43/dorade.h:131:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char description[40]; /* Description of the parameter. */
data/librsl-1.43/dorade.h:132:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char units[8]; /* Units (8 ASCII) */
data/librsl-1.43/dorade.h:156:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char threshold_field[8];
data/librsl-1.43/dorade.h:164:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char code[4]; /* Code identifier. (4 ASCII "CELV") */
data/librsl-1.43/dorade.h:171:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char code[4]; /* Code identifier. (4 ASCII "CFAC") */
data/librsl-1.43/dorade.h:192:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char code[4]; /* Code identifier. (4 ASCII "SWIB") */
data/librsl-1.43/dorade.h:194:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char radar_name[8]; /* Radar name. */
data/librsl-1.43/dorade.h:207:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char code[4]; /* Code identifier. (4 ASCII "RYIB") */
data/librsl-1.43/dorade.h:228:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char code[4]; /* Code identifier. (4 ASCII "ASIB") */
data/librsl-1.43/dorade.h:251:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char code[4]; /* Code identifier. (4 ASCII "RDAT") */
data/librsl-1.43/dorade.h:253:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[8]; /* Name of parameter. (See name in 'parameter descriptor'). */
data/librsl-1.43/dorade_to_radar.c:70:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char prtname[9];
data/librsl-1.43/dorade_to_radar.c:74:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char skipped_list[MAXFIELDS][9];
data/librsl-1.43/dorade_to_radar.c:180:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/librsl-1.43/dorade_to_radar.c:193:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if((fp=fopen(infile, "r"))==(FILE *)NULL) {
data/librsl-1.43/dorade_to_radar.c:239:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(radar->h.radar_type, "dorade");
data/librsl-1.43/dorade_to_radar.c:244:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(radar->h.city, "Unknown");
data/librsl-1.43/dorade_to_radar.c:246:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(radar->h.country, "Unknown");
data/librsl-1.43/endian.c:31:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char byte[4];
data/librsl-1.43/endian.c:43:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char byte[4];
data/librsl-1.43/examples/any_to_gif.c:56:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  case 'x': *xdim = atoi(optarg); break;
data/librsl-1.43/examples/any_to_gif.c:58:25: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  case 'b': *dbz_black = atoi(optarg); break;
data/librsl-1.43/examples/any_to_gif.c:82:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fname[1000];
data/librsl-1.43/examples/any_to_gif.c:84:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char time_string[100];
data/librsl-1.43/examples/any_to_gif.c:112:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(time_string,"%2.2d%2.2d%2.2d_%2.2d%2.2d",
data/librsl-1.43/examples/any_to_gif.c:130:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char r[256], g[256], b[256];
data/librsl-1.43/examples/any_to_gif.c:145:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(fname,radar->h.name, sizeof(radar->h.name));
data/librsl-1.43/examples/any_to_ppm.c:23:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fname[100];
data/librsl-1.43/examples/any_to_ppm.c:42:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char time_string[100];
data/librsl-1.43/examples/any_to_ppm.c:43:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(time_string,"%2.2d%2.2d%2.2d_%2.2d%2.2d",
data/librsl-1.43/examples/cappi_image.c:39:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char outfile[100];
data/librsl-1.43/examples/cappi_image.c:74:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(outfile, "cappi_%2.2d.gif", j);
data/librsl-1.43/examples/qlook.c:80:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tape_id[100];
data/librsl-1.43/examples/qlook.c:81:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char in_file[100], site_id[100];
data/librsl-1.43/examples/qlook.c:82:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[100], outfile[100], nexfile[100];
data/librsl-1.43/examples/qlook.c:83:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char command[100], file_prefix[100], file_suffix[3];
data/librsl-1.43/examples/qlook.c:84:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dir_string[100], red[120], grn[120], blu[120];
data/librsl-1.43/examples/qlook.c:85:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char time_string[14], site_string[10],img_base[20];
data/librsl-1.43/examples/qlook.c:86:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pathname[256], gifdir[100], pgmdir[100], ufdir[100];
data/librsl-1.43/examples/qlook.c:93:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(tape_id, "WSR88D");
data/librsl-1.43/examples/qlook.c:133:36: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  if (strcmp(site_id, "KWA0") == 0) strcpy(site_id, "KWAJ");
data/librsl-1.43/examples/qlook.c:255:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(time_string,"%4d/%2.2d%2.2d %2.2d:%2.2d UTC",
data/librsl-1.43/examples/qlook.c:267:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(time_string,"%4d_%2.2d%2.2d_%2.2d%2.2d",
data/librsl-1.43/examples/qlook.c:520:11: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(file_suffix,"pgm");
data/librsl-1.43/examples/qlook.c:527:11: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
  sprintf(file_suffix,"gif");
data/librsl-1.43/examples/qlook.c:547:11: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(file_suffix,"pgm");
data/librsl-1.43/examples/qlook.c:555:11: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(file_suffix,"gif");
data/librsl-1.43/examples/qlook.c:578:11: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(file_suffix,"pgm");
data/librsl-1.43/examples/qlook.c:586:11: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(file_suffix,"gif");
data/librsl-1.43/examples/qlook.c:612:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(file_suffix,"pgm");
data/librsl-1.43/examples/qlook.c:620:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(file_suffix,"gif");
data/librsl-1.43/examples/qlook.c:642:11: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(file_suffix,"pgm");
data/librsl-1.43/examples/qlook.c:649:11: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(file_suffix,"gif");
data/librsl-1.43/examples/qlook.c:669:11: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(file_suffix,"pgm");
data/librsl-1.43/examples/qlook.c:677:11: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(file_suffix,"gif");
data/librsl-1.43/examples/qlook_usage.c:44:26: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  case 'x': *xdim = atoi(optarg); break;
data/librsl-1.43/examples/qlook_usage.c:45:26: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  case 'y': *ydim = atoi(optarg); break;
data/librsl-1.43/examples/qlook_usage.c:86:31: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  case 'n': *num_sweeps = atoi(optarg); break;
data/librsl-1.43/examples/test_get_win.c:53:23: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  min_range = (float) atoi(argv[i++]);
data/librsl-1.43/examples/test_get_win.c:54:23: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  max_range = (float) atoi(argv[i++]);
data/librsl-1.43/examples/test_get_win.c:55:22: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  low_azim = (float) atoi(argv[i++]);
data/librsl-1.43/examples/test_get_win.c:56:21: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  hi_azim = (float) atoi(argv[i++]);
data/librsl-1.43/gzip.c:43:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/librsl-1.43/hdf_to_radar.c:620:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char record[2][2048]; /* 2 records is maximum possible. */
data/librsl-1.43/hdf_to_radar.c:621:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char parseString[1024];
data/librsl-1.43/hdf_to_radar.c:632:2: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(parseString, "%[^*] %*[*\n]");
data/librsl-1.43/hdf_to_radar.c:636:4: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(parseString, "%[^\n]");
data/librsl-1.43/hdf_to_radar.c:646:2: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(parseString, "nRay=%d\n");
data/librsl-1.43/hdf_to_radar.c:648:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(parseString, "nCell_parm[%*d]=%d\n");
data/librsl-1.43/hdf_to_radar.c:770:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[64];
data/librsl-1.43/hdf_to_radar.c:887:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char hdfFileName[TK_MAX_FILENAME];
data/librsl-1.43/histogram.c:110:11: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if((fp = fopen(filename,"w")) == NULL ) {
data/librsl-1.43/histogram.c:159:13: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fp = fopen(infile, "r")) == NULL) {
data/librsl-1.43/histogram.c:194:13: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fp = fopen(outfile, "w")) == NULL) {
data/librsl-1.43/image_gen.c:69:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char color_table[256][3];
data/librsl-1.43/image_gen.c:81:27: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  void RSL_load_color_table(char *infile, char buffer[256], int *num_colors)
data/librsl-1.43/image_gen.c:81:41: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  void RSL_load_color_table(char *infile, char buffer[256], int *num_colors)
data/librsl-1.43/image_gen.c:85:8: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen(infile, "r");
data/librsl-1.43/image_gen.c:103:38: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  void RSL_set_color_table(int icolor, char buffer[256], int ncolors)
data/librsl-1.43/image_gen.c:121:38: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  void RSL_get_color_table(int icolor, char buffer[256], int *ncolors)
data/librsl-1.43/image_gen.c:144:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[256];
data/librsl-1.43/image_gen.c:151:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[256];
data/librsl-1.43/image_gen.c:158:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[256];
data/librsl-1.43/image_gen.c:179:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[256];
data/librsl-1.43/image_gen.c:180:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *fnames[3] = { REFL_RED_FILE, REFL_GREEN_FILE, REFL_BLUE_FILE };
data/librsl-1.43/image_gen.c:191:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[256];
data/librsl-1.43/image_gen.c:203:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[256];
data/librsl-1.43/image_gen.c:216:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[256];
data/librsl-1.43/image_gen.c:229:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[256];
data/librsl-1.43/image_gen.c:242:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[256];
data/librsl-1.43/image_gen.c:292:8: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen(outfile,"w");
data/librsl-1.43/image_gen.c:329:8: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  (void)sprintf(outfile,"bscan.%2.2d.ppm", i);
data/librsl-1.43/image_gen.c:494:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&rhi_cart_image[(ydim - i - vert_scale*j)*xdim],
data/librsl-1.43/image_gen.c:509:20: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  void RSL_write_gif(char *outfile, unsigned char *image, int xdim, int ydim, char c_table[256][3])
data/librsl-1.43/image_gen.c:509:44: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  void RSL_write_gif(char *outfile, unsigned char *image, int xdim, int ydim, char c_table[256][3])
data/librsl-1.43/image_gen.c:509:77: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  void RSL_write_gif(char *outfile, unsigned char *image, int xdim, int ydim, char c_table[256][3])
data/librsl-1.43/image_gen.c:513:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pipecmd[300];
data/librsl-1.43/image_gen.c:551:21: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  void RSL_write_pict(char *outfile, unsigned char *image, int xdim, int ydim, char c_table[256][3])
data/librsl-1.43/image_gen.c:551:45: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  void RSL_write_pict(char *outfile, unsigned char *image, int xdim, int ydim, char c_table[256][3])
data/librsl-1.43/image_gen.c:551:78: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  void RSL_write_pict(char *outfile, unsigned char *image, int xdim, int ydim, char c_table[256][3])
data/librsl-1.43/image_gen.c:555:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pipecmd[100];
data/librsl-1.43/image_gen.c:577:20: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  void RSL_write_ppm(char *outfile, unsigned char *image, int xdim, int ydim, char c_table[256][3])
data/librsl-1.43/image_gen.c:577:44: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  void RSL_write_ppm(char *outfile, unsigned char *image, int xdim, int ydim, char c_table[256][3])
data/librsl-1.43/image_gen.c:577:77: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  void RSL_write_ppm(char *outfile, unsigned char *image, int xdim, int ydim, char c_table[256][3])
data/librsl-1.43/image_gen.c:588:11: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fpipe = fopen(outfile, "w"); /* Global FILE * */
data/librsl-1.43/image_gen.c:604:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pipecmd[100];
data/librsl-1.43/image_gen.c:621:11: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fpipe = fopen(outfile, "w"); /* Global FILE * */
data/librsl-1.43/image_gen.c:757:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char outfile[100];
data/librsl-1.43/image_gen.c:802:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char outfile[100];
data/librsl-1.43/image_gen.c:847:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char outfile[100];
data/librsl-1.43/image_gen.c:891:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char outfile[100];
data/librsl-1.43/lassen.c:468:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(p, &ray, sizeof(Lassen_ray));
data/librsl-1.43/lassen.h:32:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char radar_name[8]; /* Radar name. */
data/librsl-1.43/lassen.h:33:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char site_name[8]; /* Site name. */
data/librsl-1.43/lassen.h:110:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char spare[2];
data/librsl-1.43/lassen.h:150:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char spare2[2];
data/librsl-1.43/lassen.h:200:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char spare1[3];
data/librsl-1.43/lassen.h:262:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char spare[3];
data/librsl-1.43/lassen.h:281:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char dummy[2];
data/librsl-1.43/lassen.h:285:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char magic[8]; /* Magic number. This must be 'SUNRISE'. */
data/librsl-1.43/lassen.h:289:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char mwho[16]; /* Last person to modify. */ data/librsl-1.43/lassen.h:290:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cwho[16]; /* Person who created file. */ data/librsl-1.43/lassen.h:293:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char description[40]; /* File description. */ data/librsl-1.43/lassen_to_radar.c:284:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if((f=fopen(infile, "r"))==(FILE *)NULL) { data/librsl-1.43/lassen_to_radar.c:349:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(radar->h.radar_type, "lassen"); data/librsl-1.43/lassen_to_radar.c:351:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&radar->h.radar_name, vol.radinfo.radar_name, 8); data/librsl-1.43/lassen_to_radar.c:352:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(&radar->h.name, vol.radinfo.site_name, 8); data/librsl-1.43/lassen_to_radar.c:353:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&radar->h.city, "????", 4); data/librsl-1.43/lassen_to_radar.c:354:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&radar->h.state,"AU", 2); data/librsl-1.43/mcgill.c:118:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[MCG_RECORD]; data/librsl-1.43/mcgill.c:129:20: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((file->fp = fopen(filename, "r")) == NULL) data/librsl-1.43/mcgill.c:143:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&file->head, buffer, sizeof(mcgHeader_t)); data/librsl-1.43/mcgill.h:94:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data[240]; /* reflectivity data value for each bin */ data/librsl-1.43/mcgill_to_radar.c:284:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
Risk is low because the source is a constant string. strcpy(radar->h.radar_type, "mcgill"); data/librsl-1.43/mcgill_to_radar.c:287:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(radar->h.name, "PAFB"); data/librsl-1.43/mcgill_to_radar.c:288:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(radar->h.radar_name, "MCGILL"); data/librsl-1.43/mcgill_to_radar.c:289:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(radar->h.city, "MELB"); data/librsl-1.43/mcgill_to_radar.c:290:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(radar->h.state, "FL"); data/librsl-1.43/nsig.c:74:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). } else if((fp = fopen(file_name,"r")) == NULL) { data/librsl-1.43/nsig.c:368:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(&ray->h, chunk, sizeof(NSIG_Ray_header)); data/librsl-1.43/nsig.c:373:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&rayh, chunk, sizeof(NSIG_Ray_header)); data/librsl-1.43/nsig.h:86:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. typedef unsigned char bang[2]; data/librsl-1.43/nsig.h:87:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. typedef unsigned char twob[2]; data/librsl-1.43/nsig.h:88:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. typedef unsigned char fourb[4]; data/librsl-1.43/nsig.h:211:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char spare[36]; data/librsl-1.43/nsig.h:213:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char spare[38]; data/librsl-1.43/nsig.h:268:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char user_name[12]; data/librsl-1.43/nsig.h:272:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char file_name[12]; data/librsl-1.43/nsig.h:274:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char task_name[12]; data/librsl-1.43/nsig.h:278:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char spare_name[12]; data/librsl-1.43/nsig.h:295:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ipad128x2[2]; data/librsl-1.43/nsig.h:299:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char ipad132x12[12]; data/librsl-1.43/nsig.h:301:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ipad146x2[2]; data/librsl-1.43/nsig.h:313:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char psi[80]; /* Do we need these?? -John 8/14/96 */ data/librsl-1.43/nsig.h:315:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ipad244x28[28]; data/librsl-1.43/nsig.h:327:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char spare[178]; data/librsl-1.43/nsig.h:337:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sprod_sitename[16]; /* Name of product generator site, space padded */ data/librsl-1.43/nsig.h:338:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char sprod_version[8]; /* Product IRIS version, null terminated */ data/librsl-1.43/nsig.h:339:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sing_version[8]; /* Ingest IRIS version, null terminated */ data/librsl-1.43/nsig.h:341:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ipad44x46[42]; data/librsl-1.43/nsig.h:343:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char part_name[80]; /* Path name of file on disk. */ data/librsl-1.43/nsig.h:346:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char site_name[16]; /* Site name. Eg. mit, tog, kwa (upper-case?). */ data/librsl-1.43/nsig.h:366:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char clutter_file[12]; /* Clutter filter file name. */ data/librsl-1.43/nsig.h:378:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char label[16][4]; /* Array of labels for color parameter legend. */ data/librsl-1.43/nsig.h:381:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ipad238x10[10]; data/librsl-1.43/nsig.h:383:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char label_unit[12]; /* Text holding units of the labels. (Ver 2 only) */ data/librsl-1.43/nsig.h:389:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ipad283x2[3]; data/librsl-1.43/nsig.h:396:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ipad_end[PROD_END_PAD]; data/librsl-1.43/nsig.h:402:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char spare2[18]; data/librsl-1.43/nsig.h:410:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char file_name[80]; /* Name of file on disk. */ data/librsl-1.43/nsig.h:418:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ipad100x12[12]; data/librsl-1.43/nsig.h:420:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char drive_name[16]; /* Name of tape drive written to. */ data/librsl-1.43/nsig.h:426:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ipad_118x6[6]; data/librsl-1.43/nsig.h:427:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char siris_version[8]; /* Null terminated */ data/librsl-1.43/nsig.h:428:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char ipad_132x18[18]; data/librsl-1.43/nsig.h:433:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char spare[28]; data/librsl-1.43/nsig.h:435:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char site_name[16]; /* Name of site from setup program. */ data/librsl-1.43/nsig.h:450:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char spare2[264]; data/librsl-1.43/nsig.h:452:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char spare2[266]; data/librsl-1.43/nsig.h:545:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char nuser_name[16]; data/librsl-1.43/nsig.h:566:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char spare[8]; data/librsl-1.43/nsig.h:572:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char user_name[15]; data/librsl-1.43/nsig.h:574:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char spare[10]; data/librsl-1.43/nsig.h:587:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char spare[120]; data/librsl-1.43/nsig.h:593:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char spare[120]; data/librsl-1.43/nsig.h:611:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char spare[94]; data/librsl-1.43/nsig.h:625:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char spare[18]; data/librsl-1.43/nsig.h:653:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char spare[52]; data/librsl-1.43/nsig.h:667:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filter_name[12]; data/librsl-1.43/nsig.h:682:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char custom_ray_hdr_name[16]; data/librsl-1.43/nsig.h:684:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ipad_end[TASK_DSP_INFO_PAD]; data/librsl-1.43/nsig.h:686:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char spare[150]; data/librsl-1.43/nsig.h:700:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char spare1[8]; /* 10: <spare> 8 */ data/librsl-1.43/nsig.h:706:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char spare2[8]; /* 28: <spare> 8 */ data/librsl-1.43/nsig.h:711:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char spare3[276]; /* 44: <spare> 276 */ data/librsl-1.43/nsig.h:733:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char spare[132]; /* 24: <spare> 132 */ data/librsl-1.43/nsig.h:735:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char spare[136]; /* 24: <spare> 136 */ data/librsl-1.43/nsig.h:765:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char spare2[116]; data/librsl-1.43/nsig.h:767:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char spare3[112]; data/librsl-1.43/nsig.h:775:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char serial_num[16]; /* T/R Serial Number */ data/librsl-1.43/nsig.h:783:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ipad32x18[18]; /* Reserved for polarization description */ data/librsl-1.43/nsig.h:786:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char spare1[24]; data/librsl-1.43/nsig.h:792:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char spare2[2]; data/librsl-1.43/nsig.h:795:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char spare3[256]; data/librsl-1.43/nsig.h:801:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char name[12]; /* Name of task configuration file. */ data/librsl-1.43/nsig.h:802:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char desc[80]; /* Task description. */ data/librsl-1.43/nsig.h:812:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char spare[218]; data/librsl-1.43/nsig.h:814:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char spare[222]; data/librsl-1.43/nsig.h:831:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char comments[720]; data/librsl-1.43/nsig.h:844:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char spare[5504]; data/librsl-1.43/nsig.h:856:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char spare[1260]; data/librsl-1.43/nsig.h:868:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. typedef unsigned char NSIG_Data_record[NSIG_BLOCK]; data/librsl-1.43/nsig.h:886:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tape_id_name[16]; data/librsl-1.43/nsig.h:887:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char site_name[16]; data/librsl-1.43/nsig.h:891:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char spare[262]; data/librsl-1.43/nsig_to_radar.c:179:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char radar_type[50], state[2], city[15]; data/librsl-1.43/nsig_to_radar.c:180:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char site_name[16]; data/librsl-1.43/nsig_to_radar.c:214:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(radar_type, "nsig2"); data/librsl-1.43/nsig_to_radar.c:217:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(radar_type, "nsig"); data/librsl-1.43/nsig_to_radar.c:220:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(state,"NA"); data/librsl-1.43/nsig_to_radar.c:221:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(city,"NA"); data/librsl-1.43/radar_to_hdf_1.c:113:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char GenInputDate[128]; data/librsl-1.43/radar_to_hdf_1.c:114:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char AlgorithmVersion[128]; data/librsl-1.43/radar_to_hdf_1.c:116:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
  char SoftwareVersion[128];
data/librsl-1.43/radar_to_hdf_1.c:303:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/librsl-1.43/radar_to_hdf_1.c:406:38: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  if (fileAccessMode == TK_NEW_FILE) strcpy(buf, "unKNOWN");
data/librsl-1.43/radar_to_hdf_1.c:418:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(buf, "UNKNOWN");
data/librsl-1.43/radar_to_hdf_1.c:1016:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char product[8];
data/librsl-1.43/radar_to_hdf_2.c:327:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char *parm_list[20][3] =
data/librsl-1.43/radar_to_hdf_2.c:725:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[256];
data/librsl-1.43/radar_to_hdf_2.c:730:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "nSweep=%d\n", vs->tk.nsweep);
data/librsl-1.43/radar_to_hdf_2.c:734:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "sweep[%.2d]--\n nRay=%d\n", tk_sindex,
data/librsl-1.43/radar_to_hdf_2.c:739:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, " nCell_parm[%d]=%d\n", pindex,
data/librsl-1.43/radar_to_hdf_2.c:746:2: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(comments, "********\n");
data/librsl-1.43/radar_to_hdf_2.c:750:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "-hThresh1 %.2f -hThresh2 %.2f -hThresh3 %.2f -zThresh0 %.2f -zThresh1 %.2f -zThresh2 %.2f -zThresh3 %.2f -hFreeze %.2f -dbzNoise %.2f -zCal %.2f\n\n",
data/librsl-1.43/radar_to_uf.c:252:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&uf_ma[0], "UF", 2);
data/librsl-1.43/radar_to_uf.c:253:30: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  if (little_endian()) memcpy(&uf_ma[0], "FU", 2);
data/librsl-1.43/radar_to_uf.c:263:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&uf_ma[10], r->h.radar_name, 8);
data/librsl-1.43/radar_to_uf.c:265:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&uf_ma[14], r->h.name, 8);
data/librsl-1.43/radar_to_uf.c:307:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&uf_ma[31], "UT", 2);
data/librsl-1.43/radar_to_uf.c:308:30: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  if (little_endian()) memcpy(&uf_ma[31], "TU", 2);
data/librsl-1.43/radar_to_uf.c:324:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&uf_ma[40], "RSL" VERSION, 8);
data/librsl-1.43/radar_to_uf.c:338:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&uf_op[0], "TRMMGVUF", 8);
data/librsl-1.43/radar_to_uf.c:345:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&uf_op[9], "RADAR_UF", 8);
data/librsl-1.43/radar_to_uf.c:381:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&uf_lu[0], "AZ", 2);
data/librsl-1.43/radar_to_uf.c:382:32: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  if (little_endian()) memcpy(&uf_lu[0], "ZA", 2);
data/librsl-1.43/radar_to_uf.c:428:15: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&uf_dh[3+2*(nfield-1)], RSL_ftype[k], 2);
data/librsl-1.43/radar_to_uf.c:452:15: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&uf_fh[13], " ", 2);
data/librsl-1.43/radar_to_uf.c:459:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&uf_fh[16], " ", 2);
data/librsl-1.43/radar_to_uf.c:529:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fp = fopen(outfile, "w")) == NULL) {
data/librsl-1.43/radar_to_uf.c:551:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fp = fopen(outfile, "w")) == NULL) {
data/librsl-1.43/radtec.c:145:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&ray_header.ray_num, &Buff[i], sizeof(short)); i+=sizeof(short);
data/librsl-1.43/radtec.c:146:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&ray_header.azim_angle, &Buff[i], sizeof(float)); i+=sizeof(float);
data/librsl-1.43/radtec.c:147:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&ray_header.elev_angle, &Buff[i], sizeof(float)); i+=sizeof(float);
data/librsl-1.43/radtec.c:148:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&ray_header.hour, &Buff[i], sizeof(short)); i+=sizeof(short);
data/librsl-1.43/radtec.c:149:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&ray_header.min, &Buff[i], sizeof(short)); i+=sizeof(short);
data/librsl-1.43/radtec.c:150:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&ray_header.sec, &Buff[i], sizeof(short)); i+=sizeof(short);
data/librsl-1.43/radtec.c:185:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&ray_array[nrays_seen].dbz, &Buff[i], *Size-i);
data/librsl-1.43/radtec.c:199:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&ray_array[nrays_seen].dbz[(ray_size-bytes_remaining)/4], &Buff[i], bytes_remaining);
data/librsl-1.43/radtec.c:207:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&ray_array[nrays_seen].dbz, &Buff[i], ray_size);
data/librsl-1.43/radtec.c:242:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if((fp = fopen(infile, "r")) == NULL) {
data/librsl-1.43/radtec.h:97:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char spare[12]; /* Fill to 200 bytes. */
data/librsl-1.43/radtec_to_radar.c:155:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(radar->h.radar_type,"radtec");
data/librsl-1.43/radtec_to_radar.c:158:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(radar->h.name,"radtec"); /* Nexrad site name */
data/librsl-1.43/radtec_to_radar.c:159:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(radar->h.radar_name,"RADTEC"); /* Radar name. */
data/librsl-1.43/radtec_to_radar.c:160:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(radar->h.city,"Unknown"); /* nearest city to radar site */
data/librsl-1.43/radtec_to_radar.c:161:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(radar->h.state,"??"); /* state of radar site */
data/librsl-1.43/radtec_to_radar.c:162:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(radar->h.country,"???");
data/librsl-1.43/rainbow.c:59:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char string[20];
data/librsl-1.43/rainbow.c:259:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[BUFSIZE];
data/librsl-1.43/rainbow.h:28:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char radarname[9];
data/librsl-1.43/rainbow_to_radar.c:87:20: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  else if ((fp = fopen(infile, "r")) == NULL) {
data/librsl-1.43/rainbow_to_radar.c:138:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(radar->h.radar_type, "rainbow");
data/librsl-1.43/rapic-lex.c:624:22: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(rapiclval.token.s, yytext, yyleng);\
data/librsl-1.43/rapic.c:215:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char outbuf[2000000];
data/librsl-1.43/rapic.c:1210:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM];
data/librsl-1.43/rapic.c:1227:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char yyformat[sizeof yyunexpected
data/librsl-1.43/rapic.c:1395:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char yymsgbuf[128];
data/librsl-1.43/rapic.c:1719:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  radar->h.number = atoi((yyvsp[(2) - (3)].token.s));
data/librsl-1.43/rapic.c:1726:7: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if (atoi((yyvsp[(2) - (2)].token.s)) <= 0) {
data/librsl-1.43/rapic.c:1727:78: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  fprintf(stderr, "RAPIC: /IMAGESIZE == %d. RAPIC ingest returning NULL.\n", atoi((yyvsp[(2) - (2)].token.s)));
data/librsl-1.43/rapic.c:1736:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  ifield = atoi((yyvsp[(8) - (11)].token.s));
data/librsl-1.43/rapic.c:1802:26: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  { rh.country = atoi((yyvsp[(2) - (2)].token.s)); }
data/librsl-1.43/rapic.c:1807:26: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  { rh.station_id_no = atoi((yyvsp[(2) - (2)].token.s)); }
data/librsl-1.43/rapic.c:1827:26: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  { rh.datno = atoi((yyvsp[(2) - (2)].token.s)); }
data/librsl-1.43/rapic.c:1847:29: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  { rh.freq = atoi((yyvsp[(2) - (2)].token.s)); }
data/librsl-1.43/rapic.c:1852:29: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  { rh.prf = atoi((yyvsp[(2) - (2)].token.s)); }
data/librsl-1.43/rapic.c:1862:29: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  { rh.range_resolution = atoi((yyvsp[(2) - (2)].token.s)); }
data/librsl-1.43/rapic.c:1882:29: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  { rh.video_resolution = atoi((yyvsp[(2) - (2)].token.s)); }
data/librsl-1.43/rapic.c:1887:29: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  { rh.start_range = atoi((yyvsp[(2) - (2)].token.s)); }
data/librsl-1.43/rapic.c:1892:29: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  { rh.end_range = atoi((yyvsp[(2) - (2)].token.s)); }
data/librsl-1.43/rapic.c:1930:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  {rh.scannum = atoi((yyvsp[(1) - (1)].token.s));}
data/librsl-1.43/rapic.c:1935:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  {rh.ofscans = atoi((yyvsp[(1) - (1)].token.s));}
data/librsl-1.43/rapic.c:1970:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  {rh.ratio1 = atoi((yyvsp[(1) - (3)].token.s)); rh.ratio2 = atoi((yyvsp[(3) - (3)].token.s));}
data/librsl-1.43/rapic.c:1970:64: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  {rh.ratio1 = atoi((yyvsp[(1) - (3)].token.s)); rh.ratio2 = atoi((yyvsp[(3) - (3)].token.s));}
data/librsl-1.43/rapic_routines.c:78:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char prefix[16];
data/librsl-1.43/rapic_routines.c:85:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(prefix, &inbuf[1], 15);
data/librsl-1.43/rapic_routines.c:91:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&i16, &inbuf[17], 2);
data/librsl-1.43/rapic_routines.c:298:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(radar->h.radar_type, "rapic"); /* Type of radar. */
data/librsl-1.43/rapic_routines.h:10:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char namestr[20]; /* Berrima */
data/librsl-1.43/rapic_routines.h:17:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char yyyymoddhhmmss[20]; /* 1998012705001 */
data/librsl-1.43/rapic_routines.h:24:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char clearair[4]; /* "ON" or "OFF" */
data/librsl-1.43/rapic_routines.h:29:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char product_type[10]; /* VOLUMETRIC */
data/librsl-1.43/rapic_routines.h:32:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char imgfmt[20]; /* PPI, RHI, etc. */
data/librsl-1.43/rapic_routines.h:34:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char video[20]; /* Vel, Wid, ... */
data/librsl-1.43/rapic_to_radar.c:20:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fp = fopen(infile, "r")) == NULL) {
data/librsl-1.43/read_write.c:54:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char header_buf[512];
data/librsl-1.43/read_write.c:63:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&ray_h, header_buf, sizeof(Ray_header));
data/librsl-1.43/read_write.c:73:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char header_buf[512];
data/librsl-1.43/read_write.c:86:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&sweep_h, header_buf, sizeof(Sweep_header));
data/librsl-1.43/read_write.c:98:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char header_buf[512];
data/librsl-1.43/read_write.c:112:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&vol_h, header_buf, sizeof(Volume_header));
data/librsl-1.43/read_write.c:180:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char header_buf[512];
data/librsl-1.43/read_write.c:186:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char title[100];
data/librsl-1.43/read_write.c:188:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fp = fopen(infile, "r")) == NULL) {
data/librsl-1.43/read_write.c:197:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&radar_h, header_buf, sizeof(Radar_header));
data/librsl-1.43/read_write.c:227:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char header_buf[512];
data/librsl-1.43/read_write.c:237:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(header_buf, &r->h, sizeof(r->h));
data/librsl-1.43/read_write.c:245:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char header_buf[512];
data/librsl-1.43/read_write.c:257:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(header_buf, &s->h, sizeof(s->h));
data/librsl-1.43/read_write.c:269:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char header_buf[512];
data/librsl-1.43/read_write.c:287:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(header_buf, &v->h, sizeof(v->h));
data/librsl-1.43/read_write.c:308:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char header_buf[512];
data/librsl-1.43/read_write.c:312:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char title[100];
data/librsl-1.43/read_write.c:321:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(header_buf, &radar->h, sizeof(radar->h));
data/librsl-1.43/read_write.c:351:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fp = fopen(outfile, "w")) == NULL) {
data/librsl-1.43/read_write.c:371:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fp = fopen(outfile, "w")) == NULL) {
data/librsl-1.43/rsl.h:251:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char radar_type[50]; /* Radar types. */
data/librsl-1.43/rsl.h:285:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char radar_type[50]; /* Value of Constant radar->h.radar_type */
data/librsl-1.43/rsl.h:330:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char radar_type[50]; /* Type of radar. Use for QC-ing the data.
data/librsl-1.43/rsl.h:344:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[8]; /* Nexrad site name */
data/librsl-1.43/rsl.h:345:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char radar_name[8]; /* Radar name. */
data/librsl-1.43/rsl.h:346:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char project[24]; /* Project identifier. */
data/librsl-1.43/rsl.h:347:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char city[15]; /* nearest city to radar site */
data/librsl-1.43/rsl.h:348:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char state[3]; /* state of radar site */
data/librsl-1.43/rsl.h:349:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char country[15]; data/librsl-1.43/rsl.h:670:38: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void RSL_get_color_table(int icolor, char buffer[256], int *ncolors); data/librsl-1.43/rsl.h:674:27: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void RSL_load_color_table(char *infile, char buffer[256], int *ncolors); data/librsl-1.43/rsl.h:674:41: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void RSL_load_color_table(char *infile, char buffer[256], int *ncolors); data/librsl-1.43/rsl.h:701:38: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void RSL_set_color_table(int icolor, char buffer[256], int ncolors); data/librsl-1.43/rsl.h:710:20: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
void RSL_write_gif(char *outfile, unsigned char *image, data/librsl-1.43/rsl.h:710:44: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void RSL_write_gif(char *outfile, unsigned char *image, data/librsl-1.43/rsl.h:711:40: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. int xdim, int ydim, char c_table[256][3]); data/librsl-1.43/rsl.h:714:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void RSL_write_pict(char *outfile, unsigned char *image, data/librsl-1.43/rsl.h:714:45: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void RSL_write_pict(char *outfile, unsigned char *image, data/librsl-1.43/rsl.h:715:41: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. int xdim, int ydim, char c_table[256][3]); data/librsl-1.43/rsl.h:716:20: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void RSL_write_ppm(char *outfile, unsigned char *image, data/librsl-1.43/rsl.h:716:44: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void RSL_write_ppm(char *outfile, unsigned char *image, data/librsl-1.43/rsl.h:717:40: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. int xdim, int ydim, char c_table[256][3]); data/librsl-1.43/toga.c:95:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((tg_file->fd=open(filename,O_RDONLY)) == -1) data/librsl-1.43/toga.c:150:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(tg_file->map_head),&buf,sizeof(tg_map_head_str)); data/librsl-1.43/toga.c:217:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(wbuf,&(tg_file->dec_buf[tg_file->buf_ind]), data/librsl-1.43/toga.c:277:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(wbuf,&(tg_file->dec_buf[tg_file->buf_ind]), data/librsl-1.43/toga.c:289:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(wbuf,&(tg_file->dec_buf[tg_file->buf_ind]),wsize * 2); data/librsl-1.43/toga.c:319:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(wbuf,&(tg_file->recbuf.data[tg_file->data_ind]), data/librsl-1.43/toga.c:361:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(wbuf,&(tg_file->recbuf.data[tg_file->data_ind]),wsize*2); data/librsl-1.43/toga.c:370:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[TG_RECSIZE]; data/librsl-1.43/toga.c:395:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(tg_file->recbuf),buf,TG_RECSIZE); data/librsl-1.43/toga.h:159:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[16]; /* file name if scan mode is file (value 4)*/ data/librsl-1.43/toga.h:294:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char comments[680]; data/librsl-1.43/toga_to_radar.c:262:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(radar->h.radar_type, "toga"); data/librsl-1.43/toga_to_radar.c:265:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(radar->h.radar_name, "TOGA"); data/librsl-1.43/toga_to_radar.c:266:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(radar->h.city, "Darwin"); data/librsl-1.43/uf_to_radar.c:288:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(radar->h.radar_name, &uf_ma[10], 8); data/librsl-1.43/uf_to_radar.c:290:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(radar->h.name, &uf_ma[14], 8); data/librsl-1.43/uf_to_radar.c:345:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(radar->h.radar_type, "uf"); data/librsl-1.43/uf_to_radar.c:355:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(proj_name, (short *)(uf + uf_ma[2] - 1), 8); data/librsl-1.43/uf_to_radar.c:476:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[6]; data/librsl-1.43/uf_to_radar.c:505:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(uf, &magic.buf[4], 2); data/librsl-1.43/uf_to_radar.c:528:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(uf, &magic.buf[2], 4); data/librsl-1.43/uf_to_radar.c:549:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&sbytes, &magic.buf[2], 2); /* Record length is in word #2. */ data/librsl-1.43/uf_to_radar.c:552:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(uf, &magic.buf[0], 6); data/librsl-1.43/uf_to_radar.c:558:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&sbytes, &uf[1], 2); /* Record length is in word #2. */ data/librsl-1.43/uf_to_radar.c:601:21: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
} else if ((fp = fopen(infile, "r")) == NULL) { data/librsl-1.43/volume.c:718:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new_ray->range, r->range, r->h.nbins*sizeof(Range)); data/librsl-1.43/wsr88d.c:77:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char byte[4]; data/librsl-1.43/wsr88d.c:245:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). wf->fptr = fopen(filename, "r"); data/librsl-1.43/wsr88d.c:327:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen(first_file, "r")) == NULL) { data/librsl-1.43/wsr88d.c:444:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(wsr88d_sweep->ray[ray_num], &wsr88d_ray, sizeof(Wsr88d_ray)); data/librsl-1.43/wsr88d.c:461:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(wsr88d_sweep->ray[ray_num], &wsr88d_ray, sizeof(Wsr88d_ray)); data/librsl-1.43/wsr88d.h:14:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char archive2[8]; /* Always ARCHIVE2 */ data/librsl-1.43/wsr88d.h:15:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char site_id[4]; /* 4-leter site ID. e.g. KLMB */ data/librsl-1.43/wsr88d.h:16:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tape_num[6]; /* NCDC tape number. e.g. N00001 */ data/librsl-1.43/wsr88d.h:18:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char date[9]; /* Date tape written. dd-MMM-yy e.g. 19-FEB-93 */ data/librsl-1.43/wsr88d.h:20:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char time[8]; /* Time tape written. hh:mm:ss. e.g. 10:22:59 */ data/librsl-1.43/wsr88d.h:22:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data_center[5]; /* Data Center writing tape: RDASC or NCDC. 
*/ data/librsl-1.43/wsr88d.h:23:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char wban_num[5]; /* WBAN number of this NEXRAD site. This is a data/librsl-1.43/wsr88d.h:30:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tape_mode[5]; /* Tape output mode. Current values are 8200, 8500, data/librsl-1.43/wsr88d.h:32:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char volume_num[5]; /* A volume number to be used for copies and data/librsl-1.43/wsr88d.h:35:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char b4[6]; /* Blank. Available for future use. */ data/librsl-1.43/wsr88d.h:36:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char b5[31552]; /* May be used for internal controls or data/librsl-1.43/wsr88d.h:47:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[9]; data/librsl-1.43/wsr88d.h:48:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ext[3]; data/librsl-1.43/wsr88d.h:51:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char unused1[4]; data/librsl-1.43/wsr88d.h:116:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char data[2300]; data/librsl-1.43/wsr88d.h:119:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char fts[4]; data/librsl-1.43/wsr88d.h:126:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[4]; /* Nexrad site name */ data/librsl-1.43/wsr88d.h:127:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char city[15]; /* nearest city to radaar site */ data/librsl-1.43/wsr88d.h:128:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char state[2]; /* state of radar site */ data/librsl-1.43/wsr88d_get_site.c:41:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[100]; data/librsl-1.43/wsr88d_get_site.c:45:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char in_site[5],in_city[16],in_state[4]; /* One extra for \0 */ data/librsl-1.43/wsr88d_get_site.c:49:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if((in_file=fopen(WSR88D_SITE_INFO_FILE, "r")) !=NULL) data/librsl-1.43/wsr88d_m31.c:55:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char radar_id[4]; data/librsl-1.43/wsr88d_m31.c:84:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dataname[4]; data/librsl-1.43/wsr88d_m31.c:103:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char data[MAX_RADIAL_LENGTH]; data/librsl-1.43/wsr88d_m31.c:263:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&unamb_rng_sh, &wsr88d_ray->data[dindex+6], 2); data/librsl-1.43/wsr88d_m31.c:264:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&nyq_vel_sh, &wsr88d_ray->data[dindex+16], 2); data/librsl-1.43/wsr88d_m31.c:293:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&wsr88d_ray->ray_hdr, &wsr88d_ray->data, sizeof(Ray_header_m31)); data/librsl-1.43/wsr88d_m31.c:410:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&data_hdr, &wsr88d_ray->data[data_index], hdr_size); data/librsl-1.43/wsr88d_to_radar.c:172:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(ray_ptr->range, c_data, n*sizeof(Range)); data/librsl-1.43/wsr88d_to_radar.c:233:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char site_id_str[5]; data/librsl-1.43/wsr88d_to_radar.c:236:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char version[8]; data/librsl-1.43/wsr88d_to_radar.c:263:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(site_id_str, wsr88d_tape_header.site_id, 4); data/librsl-1.43/wsr88d_to_radar.c:419:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&radar->h.name, sitep->name, sizeof(sitep->name)); data/librsl-1.43/wsr88d_to_radar.c:420:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&radar->h.radar_name, sitep->name, sizeof(sitep->name)); /* Redundant */ data/librsl-1.43/wsr88d_to_radar.c:421:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&radar->h.city, sitep->city, sizeof(sitep->city)); data/librsl-1.43/wsr88d_to_radar.c:422:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(&radar->h.state, sitep->state, sizeof(sitep->state)); data/librsl-1.43/wsr88d_to_radar.c:423:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(radar->h.radar_type, "wsr88d"); data/librsl-1.43/carpi.c:205:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(carpi->radar_type, cappi->radar_type, sizeof(cappi->radar_type)); data/librsl-1.43/dorade_to_radar.c:77:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(prtname, dorade_field_name, 8); data/librsl-1.43/dorade_to_radar.c:241:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(radar->h.name, vd->flight_num, sizeof(radar->h.name)); data/librsl-1.43/dorade_to_radar.c:242:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(radar->h.radar_name, rd->radar_name, sizeof(radar->h.radar_name)); data/librsl-1.43/dorade_to_radar.c:243:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(radar->h.project, vd->project_name, sizeof(radar->h.project)); data/librsl-1.43/dorade_to_radar.c:245:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(radar->h.state, "UKN", 3); data/librsl-1.43/examples/qlook.c:40:9: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(pathname, "/");
data/librsl-1.43/examples/qlook.c:131:2: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(site_id, basename(inpath), 4);
data/librsl-1.43/hdf_to_radar.c:476:2: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(radar->h.radar_type, "**", 48); /*********/
data/librsl-1.43/hdf_to_radar.c:479:2: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(radar->h.name, gvl1->sensor.radarDesc.radarName, 7);
data/librsl-1.43/hdf_to_radar.c:480:2: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(radar->h.radar_name, gvl1->sensor.sweepInfo[0].radarName, 7);
data/librsl-1.43/hdf_to_radar.c:631:2: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(parseString, "");
data/librsl-1.43/hdf_to_radar.c:773:2: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(radar->h.city, buf, 14);
data/librsl-1.43/hdf_to_radar.c:775:2: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(radar->h.state, buf, 2);
data/librsl-1.43/hdf_to_radar.c:816:3: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(hdfFileName, infile, TK_MAX_FILENAME-1);
data/librsl-1.43/image_gen.c:327:28: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  outfile = (char *)calloc(strlen(basename)+7, sizeof(char));
data/librsl-1.43/radar_to_hdf_1.c:129:2: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(tkMetaDataString.s, str, sizeof(tkMetaDataString.s)-1)
data/librsl-1.43/radar_to_hdf_1.c:1039:2: [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  sscanf(strrchr(hdfFileName, '/'), "/%4s", product);
data/librsl-1.43/radar_to_hdf_2.c:351:3: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(parmDesc->parmName, parm_list[vindex][0], 7);
data/librsl-1.43/radar_to_hdf_2.c:352:2: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(parmDesc->parmDesc, parm_list[vindex][2], 39);
data/librsl-1.43/radar_to_hdf_2.c:353:2: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(parmDesc->parmUnits, parm_list[vindex][1], 7);
data/librsl-1.43/radar_to_hdf_2.c:364:2: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(parmDesc->thresholdField, "NONE", 8);
data/librsl-1.43/radar_to_hdf_2.c:481:4: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(sweepInfo[tk_sindex].radarName, radar->h.radar_name, 8);
data/librsl-1.43/radar_to_hdf_2.c:511:2: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(radarDesc->radarName, radar->h.name, 8);
data/librsl-1.43/radar_to_hdf_2.c:682:2: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(volDes->projectName, "TRMM GV", 20);
data/librsl-1.43/radar_to_hdf_2.c:690:2: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(volDes->flightNum, "***", 8);
data/librsl-1.43/radar_to_hdf_2.c:692:2: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(volDes->facName, "TSDIS", 8);
data/librsl-1.43/radar_to_hdf_2.c:743:3: [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(comments, "\n");
data/librsl-1.43/rainbow.c:219:17: [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while ((c = getc(fp)) != CR && c != ETX) {
data/librsl-1.43/rainbow.c:221:10: [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c = getc(fp); /* Read past both <ETB> and the */
data/librsl-1.43/rainbow.c:222:23: [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (c == CR) c = getc(fp); /* combination <ETB><CR>. */
data/librsl-1.43/rainbow_to_radar.c:95:14: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if ((c = fgetc(fp)) != SOH) {
data/librsl-1.43/rapic-lex.c:721:14: [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  (c = getc( yyin )) != EOF && c != '\n'; ++n ) \
data/librsl-1.43/rapic.c:1091:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  # define yystrlen strlen
data/librsl-1.43/toga.c:129:12: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if((n = read(tg_file->fd,&buf,TG_HDSIZE)) != TG_HDSIZE)
data/librsl-1.43/toga.c:372:12: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if((n = read(tg_file->fd,buf,TG_RECSIZE)) < 0)
data/librsl-1.43/toga_to_radar.c:264:4: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(radar->h.name, "");
data/librsl-1.43/toga_to_radar.c:267:4: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(radar->h.state, "");
data/librsl-1.43/wsr88d_to_radar.c:254:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  } else if (strlen(call_or_first_tape_file) == 4)
data/librsl-1.43/wsr88d_to_radar.c:256:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if (strlen(call_or_first_tape_file) == 0) {
data/librsl-1.43/wsr88d_to_radar.c:304:7: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(version, wsr88d_file_header.title.filename, 8);

ANALYSIS SUMMARY:

Hits = 543
Lines analyzed = 31980 in approximately 1.14 seconds (28070 lines/second)
Physical Source Lines of Code (SLOC) = 20199
Hits@level = [0] 1001 [1] 41 [2] 438 [3] 7 [4] 57 [5] 0
Hits@level+ = [0+] 1544 [1+] 543 [2+] 502 [3+] 64 [4+] 57 [5+] 0
Hits/KSLOC@level+ = [0+] 76.4394 [1+] 26.8825 [2+] 24.8527 [3+] 3.16847 [4+] 2.82192 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.