Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/minc-tools-2.3.00+dfsg/progs/mincmakescalar/mincmakescalar.c
Examining data/minc-tools-2.3.00+dfsg/progs/minc_modify_header/minc_modify_header.c
Examining data/minc-tools-2.3.00+dfsg/progs/mincmakevector/mincmakevector.c
Examining data/minc-tools-2.3.00+dfsg/progs/minccopy/minccopy.c
Examining data/minc-tools-2.3.00+dfsg/progs/mincexpand/mincexpand.c
Examining data/minc-tools-2.3.00+dfsg/progs/mincstats/mincstats.c
Examining data/minc-tools-2.3.00+dfsg/progs/minclookup/minclookup.c
Examining data/minc-tools-2.3.00+dfsg/progs/mincblob/mincblob.c
Examining data/minc-tools-2.3.00+dfsg/progs/mincinfo/mincinfo.c
Examining data/minc-tools-2.3.00+dfsg/progs/xfm/xfminvert.c
Examining data/minc-tools-2.3.00+dfsg/progs/xfm/xfmconcat.c
Examining data/minc-tools-2.3.00+dfsg/progs/xfm/xfm2def.c
Examining data/minc-tools-2.3.00+dfsg/progs/xfm/transformtags.c
Examining data/minc-tools-2.3.00+dfsg/progs/rawtominc/rawtominc.c
Examining data/minc-tools-2.3.00+dfsg/progs/mincdump/dumplib.h
Examining data/minc-tools-2.3.00+dfsg/progs/mincdump/vardata.c
Examining data/minc-tools-2.3.00+dfsg/progs/mincdump/dumplib.c
Examining data/minc-tools-2.3.00+dfsg/progs/mincdump/vardata.h
Examining data/minc-tools-2.3.00+dfsg/progs/mincdump/mincdump.c
Examining data/minc-tools-2.3.00+dfsg/progs/mincdump/mincdump.h
Examining data/minc-tools-2.3.00+dfsg/progs/mincgen/generic.h
Examining data/minc-tools-2.3.00+dfsg/progs/mincgen/main.c
Examining data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c
Examining data/minc-tools-2.3.00+dfsg/progs/mincgen/escapes.c
Examining data/minc-tools-2.3.00+dfsg/progs/mincgen/ncgen.h
Examining data/minc-tools-2.3.00+dfsg/progs/mincgen/load.c
Examining data/minc-tools-2.3.00+dfsg/progs/mincgen/init.c
Examining data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.h
Examining data/minc-tools-2.3.00+dfsg/progs/mincgen/getfill.c
Examining data/minc-tools-2.3.00+dfsg/progs/coordinates/worldtovoxel.c
Examining data/minc-tools-2.3.00+dfsg/progs/coordinates/voxeltoworld.c
Examining data/minc-tools-2.3.00+dfsg/progs/mincresample/resample_volumes.c
Examining data/minc-tools-2.3.00+dfsg/progs/mincresample/mincresample.c
Examining data/minc-tools-2.3.00+dfsg/progs/mincresample/mincresample.h
Examining data/minc-tools-2.3.00+dfsg/progs/minctoraw/minctoraw.c
Examining data/minc-tools-2.3.00+dfsg/progs/minccalc/vector.c
Examining data/minc-tools-2.3.00+dfsg/progs/minccalc/node.h
Examining data/minc-tools-2.3.00+dfsg/progs/minccalc/minccalc.c
Examining data/minc-tools-2.3.00+dfsg/progs/minccalc/sym.c
Examining data/minc-tools-2.3.00+dfsg/progs/minccalc/gram.c
Examining data/minc-tools-2.3.00+dfsg/progs/minccalc/optim.c
Examining data/minc-tools-2.3.00+dfsg/progs/minccalc/scalar.c
Examining data/minc-tools-2.3.00+dfsg/progs/minccalc/lex.c
Examining data/minc-tools-2.3.00+dfsg/progs/minccalc/errx.h
Examining data/minc-tools-2.3.00+dfsg/progs/minccalc/ident.c
Examining data/minc-tools-2.3.00+dfsg/progs/minccalc/eval.c
Examining data/minc-tools-2.3.00+dfsg/progs/minccalc/node.c
Examining data/minc-tools-2.3.00+dfsg/progs/mincsample/mt19937ar.c
Examining data/minc-tools-2.3.00+dfsg/progs/mincsample/mt19937ar.h
Examining data/minc-tools-2.3.00+dfsg/progs/mincsample/mincsample.c
Examining data/minc-tools-2.3.00+dfsg/progs/mincwindow/mincwindow.c
Examining data/minc-tools-2.3.00+dfsg/progs/mincaverage/mincaverage.c
Examining data/minc-tools-2.3.00+dfsg/progs/minccmp/minccmp.c
Examining data/minc-tools-2.3.00+dfsg/progs/mincmath/mincmath.c
Examining data/minc-tools-2.3.00+dfsg/progs/Proglib/convert_origin_to_start.c
Examining data/minc-tools-2.3.00+dfsg/progs/Proglib/minc_endian.h
Examining data/minc-tools-2.3.00+dfsg/progs/Proglib/convert_origin_to_start.h
Examining data/minc-tools-2.3.00+dfsg/progs/Proglib/minc_endian.c
Examining data/minc-tools-2.3.00+dfsg/progs/Proglib/vax_conversions.h
Examining data/minc-tools-2.3.00+dfsg/progs/Proglib/vax_conversions.c
Examining data/minc-tools-2.3.00+dfsg/progs/mincextract/mincextract.c
Examining data/minc-tools-2.3.00+dfsg/progs/mincreshape/mincreshape.c
Examining data/minc-tools-2.3.00+dfsg/progs/mincreshape/mincreshape.h
Examining data/minc-tools-2.3.00+dfsg/progs/mincreshape/copy_data.c
Examining data/minc-tools-2.3.00+dfsg/progs/mincconvert/mincconvert.c
Examining data/minc-tools-2.3.00+dfsg/progs/mincmorph/kernel_io.h
Examining data/minc-tools-2.3.00+dfsg/progs/mincmorph/kernel_ops.h
Examining data/minc-tools-2.3.00+dfsg/progs/mincmorph/kernel_ops.c
Examining data/minc-tools-2.3.00+dfsg/progs/mincmorph/kernel_io.c
Examining data/minc-tools-2.3.00+dfsg/progs/mincmorph/mincmorph.c
Examining data/minc-tools-2.3.00+dfsg/progs/mincconcat/mincconcat.c
Examining data/minc-tools-2.3.00+dfsg/progs/mincexample/mincexample1.c
Examining data/minc-tools-2.3.00+dfsg/progs/mincexample/mincexample2.c
Examining data/minc-tools-2.3.00+dfsg/progs/mincview/invert_raw_image.c
Examining data/minc-tools-2.3.00+dfsg/conversion/minctoecat/machine_indep.c
Examining data/minc-tools-2.3.00+dfsg/conversion/minctoecat/ecat_write.c
Examining data/minc-tools-2.3.00+dfsg/conversion/minctoecat/machine_indep.h
Examining data/minc-tools-2.3.00+dfsg/conversion/minctoecat/minctoecat.c
Examining data/minc-tools-2.3.00+dfsg/conversion/minctoecat/ecat_write.h
Examining data/minc-tools-2.3.00+dfsg/conversion/vff2mnc/vff2mnc.h
Examining data/minc-tools-2.3.00+dfsg/conversion/vff2mnc/vff2mnc.c
Examining data/minc-tools-2.3.00+dfsg/conversion/mnitominc/mnitominc.h
Examining data/minc-tools-2.3.00+dfsg/conversion/mnitominc/mnitominc.c
Examining data/minc-tools-2.3.00+dfsg/conversion/mri_to_minc/ge_uncompress.c
Examining data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/dicom_read.c
Examining data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/string_to_filename.c
Examining data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/dicom_to_minc.h
Examining data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/gems_element_defs.h
Examining data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/acr_element_defs.h
Examining data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/dicom_read.h
Examining data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/minc_file.h
Examining data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_to_dicom.h
Examining data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/dcm2mnc.h
Examining data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/minc_file.c
Examining data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/dcm2mnc.c
Examining data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/dicom_to_minc.c
Examining data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_table.h
Examining data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/spi_element_defs.h
Examining data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_to_dicom.c
Examining data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/ext_element_defs.h
Examining data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/progress.h
Examining data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/pms_element_defs.h
Examining data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/string_to_filename.h
Examining data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h
Examining data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/progress.c
Examining data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/group.c
Examining data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/message.c
Examining data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/sample_dicom_client.c
Examining data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/acr_nema/dicom_client_routines.h
Examining data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/acr_nema/dicom_network.h
Examining data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/acr_nema/message.h
Examining data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/acr_nema/file_io.h
Examining data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/acr_nema/group.h
Examining data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/acr_nema/acr_io.h
Examining data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/acr_nema/value_repr.h
Examining data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/acr_nema/element.h
Examining data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/copy_acr_nema.c
Examining data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/acr_io.c
Examining data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/element.c
Examining data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/extract_acr_nema.c
Examining data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/dicom_network.c
Examining data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/read_acr_nema.c
Examining data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/acr_test.c
Examining data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/value_repr.c
Examining data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/dicom_test.c
Examining data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/dump_acr_nema.c
Examining data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/file_io.c
Examining data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/dicom_client_routines.c
Examining data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/globals.c
Examining data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/acr_nema.h
Examining data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/analyze2minc.c
Examining data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/dbh.h
Examining data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/minc2analyze.c
Examining data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/doc/make_hdr.c
Examining data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/doc/spm_dbh.h
Examining data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/doc/show_hdr.c
Examining data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/doc/dbh.h
Examining data/minc-tools-2.3.00+dfsg/conversion/ecattominc/machine_indep.c
Examining data/minc-tools-2.3.00+dfsg/conversion/ecattominc/ecat_header_definition.h
Examining data/minc-tools-2.3.00+dfsg/conversion/ecattominc/insertblood.c
Examining data/minc-tools-2.3.00+dfsg/conversion/ecattominc/machine_indep.h
Examining data/minc-tools-2.3.00+dfsg/conversion/ecattominc/dump_ecat_header.c
Examining data/minc-tools-2.3.00+dfsg/conversion/ecattominc/ecat_file.h
Examining data/minc-tools-2.3.00+dfsg/conversion/ecattominc/ecat_file.c
Examining data/minc-tools-2.3.00+dfsg/conversion/ecattominc/ecattominc.c
Examining data/minc-tools-2.3.00+dfsg/conversion/scxtominc/scx_file.c
Examining data/minc-tools-2.3.00+dfsg/conversion/scxtominc/insertblood.c
Examining data/minc-tools-2.3.00+dfsg/conversion/scxtominc/scxmnem.c
Examining data/minc-tools-2.3.00+dfsg/conversion/scxtominc/scxtominc.c
Examining data/minc-tools-2.3.00+dfsg/conversion/scxtominc/scx_header_def.h
Examining data/minc-tools-2.3.00+dfsg/conversion/scxtominc/scx_file.h
Examining data/minc-tools-2.3.00+dfsg/conversion/scxtominc/isotope_list.h
Examining data/minc-tools-2.3.00+dfsg/conversion/image_filters/ftoui.c
Examining data/minc-tools-2.3.00+dfsg/conversion/image_filters/atof.c
Examining data/minc-tools-2.3.00+dfsg/conversion/image_filters/imageinvert.c
Examining data/minc-tools-2.3.00+dfsg/conversion/image_filters/ltoa.c
Examining data/minc-tools-2.3.00+dfsg/conversion/image_filters/uitof.c
Examining data/minc-tools-2.3.00+dfsg/conversion/image_filters/imagetranspose.c
Examining data/minc-tools-2.3.00+dfsg/conversion/image_filters/atol.c
Examining data/minc-tools-2.3.00+dfsg/conversion/image_filters/btof.c
Examining data/minc-tools-2.3.00+dfsg/conversion/image_filters/itof.c
Examining data/minc-tools-2.3.00+dfsg/conversion/image_filters/extract.c
Examining data/minc-tools-2.3.00+dfsg/conversion/image_filters/itoa.c
Examining data/minc-tools-2.3.00+dfsg/conversion/image_filters/byte_swap4.c
Examining data/minc-tools-2.3.00+dfsg/conversion/image_filters/btoa.c
Examining data/minc-tools-2.3.00+dfsg/conversion/image_filters/byte_swap.c
Examining data/minc-tools-2.3.00+dfsg/conversion/image_filters/ftoi.c
Examining data/minc-tools-2.3.00+dfsg/conversion/image_filters/ftoa.c
Examining data/minc-tools-2.3.00+dfsg/conversion/image_filters/skipdata.c
Examining data/minc-tools-2.3.00+dfsg/conversion/image_filters/ftob.c
Examining data/minc-tools-2.3.00+dfsg/conversion/image_filters/frange.c
Examining data/minc-tools-2.3.00+dfsg/conversion/image_filters/fscale.c
Examining data/minc-tools-2.3.00+dfsg/conversion/image_filters/atob.c
Examining data/minc-tools-2.3.00+dfsg/conversion/image_filters/insert.c
Examining data/minc-tools-2.3.00+dfsg/conversion/image_filters/atoi.c
Examining data/minc-tools-2.3.00+dfsg/conversion/image_filters/reecho.c
Examining data/minc-tools-2.3.00+dfsg/conversion/image_filters/fmaxmin.c
Examining data/minc-tools-2.3.00+dfsg/conversion/dicomserver/open_connection.c
Examining data/minc-tools-2.3.00+dfsg/conversion/dicomserver/siemens_dicom_read.c
Examining data/minc-tools-2.3.00+dfsg/conversion/dicomserver/string_to_filename.c
Examining data/minc-tools-2.3.00+dfsg/conversion/dicomserver/dicomserver-debug.c
Examining data/minc-tools-2.3.00+dfsg/conversion/dicomserver/use_the_files.c
Examining data/minc-tools-2.3.00+dfsg/conversion/dicomserver/dicomserver.h
Examining data/minc-tools-2.3.00+dfsg/conversion/dicomserver/minc_file.c
Examining data/minc-tools-2.3.00+dfsg/conversion/dicomserver/siemens_dicom_to_minc.c
Examining data/minc-tools-2.3.00+dfsg/conversion/dicomserver/save_transferred_object.c
Examining data/minc-tools-2.3.00+dfsg/conversion/dicomserver/dicomserver.c
Examining data/minc-tools-2.3.00+dfsg/conversion/dicomserver/dicom_prototypes.h
Examining data/minc-tools-2.3.00+dfsg/conversion/dicomserver/dicom_element_defs.h
Examining data/minc-tools-2.3.00+dfsg/conversion/dicomserver/spi_element_defs.h
Examining data/minc-tools-2.3.00+dfsg/conversion/dicomserver/project_file.c
Examining data/minc-tools-2.3.00+dfsg/conversion/dicomserver/reply.c
Examining data/minc-tools-2.3.00+dfsg/conversion/dicomserver/siemens_dicom_to_minc.h
Examining data/minc-tools-2.3.00+dfsg/conversion/dicomserver/dicom_element_defs.c
Examining data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/open_connection.c
Examining data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_dicom_read.c
Examining data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/string_to_filename.c
Examining data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/modify_group_list.c
Examining data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dicomserver-nondebug.c
Examining data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_include_files.h
Examining data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_head_type.h
Examining data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_head_image_text_type.h
Examining data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_head_basic_types.h
Examining data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_messages.h
Examining data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_head_constants.h
Examining data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_head_shadow_groups_types.h
Examining data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_transformation.h
Examining data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_functions.h
Examining data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_head_acr_groups_types.h
Examining data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_date.h
Examining data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_transformation_control.h
Examining data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/STC_Common_Status.h
Examining data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dicomserver-debug.c
Examining data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/parse_dicom_groups.c
Examining data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/use_the_files.c
Examining data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_dicom_send.c
Examining data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dicomserver.h
Examining data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/minc_file.c
Examining data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_dicom_to_minc.c
Examining data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/save_transferred_object.c
Examining data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dcm2mnc.c
Examining data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dicom_prototypes.h
Examining data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dicom_element_defs.h
Examining data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_header_table.h
Examining data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/spi_element_defs.h
Examining data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/project_file.c
Examining data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_to_dicom.c
Examining data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/reply.c
Examining data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/ext_element_defs.h
Examining data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dicomserver-nondebug2.c
Examining data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dcm2mnc2.c
Examining data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dicomreader.c
Examining data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_dicom_to_minc.h
Examining data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dicom_element_defs.c
Examining data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/progress.c
Examining data/minc-tools-2.3.00+dfsg/conversion/nifti1/nii2mnc.c
Examining data/minc-tools-2.3.00+dfsg/conversion/nifti1/analyze75.h
Examining data/minc-tools-2.3.00+dfsg/conversion/nifti1/mnc2nii.c
Examining data/minc-tools-2.3.00+dfsg/conversion/nifti1/nifti1_test.c
Examining data/minc-tools-2.3.00+dfsg/conversion/nifti1/nifti_stats.c
Examining data/minc-tools-2.3.00+dfsg/conversion/nifti1/nifti1_local.h
Examining data/minc-tools-2.3.00+dfsg/conversion/micropet/upet2mnc.c
FINAL RESULTS:
data/minc-tools-2.3.00+dfsg/conversion/dicomserver/use_the_files.c:189:20: [5] (race) chown:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchown( ) instead.
(void) chown(output_file_name, (uid_t) output_uid,
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/use_the_files.c:285:10: [5] (race) chown:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchown( ) instead.
(void) chown(output_file_name, (uid_t) output_uid,
data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/copy_acr_nema.c:89:20: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
(void) fprintf(stderr, usage, pname);
data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/copy_acr_nema.c:113:20: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
(void) fprintf(stderr, usage, pname);
data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/dump_acr_nema.c:156:13: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (sscanf(line, "%s %x %x %s\n", name, &grp_id, &el_id, vr) != 4) {
data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/dump_acr_nema.c:230:20: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
(void) fprintf(stderr, usage, pname);
data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/dump_acr_nema.c:257:20: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
(void) fprintf(stderr, usage, pname);
data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/element.c:1291:11: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void) strcpy(data, value);
data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/extract_acr_nema.c:126:20: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
(void) fprintf(stderr, usage, pname);
data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/extract_acr_nema.c:158:20: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
(void) fprintf(stderr, usage, pname);
data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/extract_acr_nema.c:167:14: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
(void) fprintf(stderr, usage, pname);
data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/file_io.c:471:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void) strcpy(trace_file, Input_trace_file);
data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/file_io.c:592:20: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void) strcpy(trace_file, Output_trace_file);
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/analyze2minc.c:272:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(string_a,"%s.hdr",argv[1]);
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/analyze2minc.c:341:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(string_a,"%s.img",argv[1]);
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/analyze2minc.c:360:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(data_file,"%s.tmp.img",argv[1]);
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/analyze2minc.c:366:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(data_file,"%s.img",argv[1]);
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/analyze2minc.c:379:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(string_a,"%s.tmp.tmp.img",argv[1]);
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/analyze2minc.c:402:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(string_a,"/bin/mv %s.tmp.tmp.img %s.tmp.img",argv[1],argv[1]);
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/analyze2minc.c:403:3: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system(string_a);
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/analyze2minc.c:422:1: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(string_a,
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/analyze2minc.c:430:1: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system(string_a);
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/analyze2minc.c:437:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(string_a,"/bin/rm %s",data_file);
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/analyze2minc.c:438:3: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system(string_a);
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/minc2analyze.c:140:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(string_a,"%s %s.mnc | tail +2 | head -1 > %s.tmp",MINCINFO,argv[1],argv[1]);
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/minc2analyze.c:141:3: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system(string_a);
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/minc2analyze.c:142:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(string_a,"%s.tmp",argv[1]);
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/minc2analyze.c:144:3: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
fscanf(fd2,"%s %s %s",string_a,(char *)&string_array_a[0],(char *)&string_array_a[1]);
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/minc2analyze.c:173:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(string_a,"%s %s.mnc | grep image: > %s.tmp",MINCINFO,argv[1],argv[1]);
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/minc2analyze.c:174:3: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system(string_a);
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/minc2analyze.c:175:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(string_a,"%s.tmp",argv[1]);
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/minc2analyze.c:177:3: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
fscanf(fd2,"%s %s %s %s %s %s",(char *)&string_array_a[0],(char *)&string_array_a[1],(char *)&string_array_a[2],
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/minc2analyze.c:187:3: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
fscanf(fd2,"%s %s %s %s",string_a,(char *)&string_array_a[0],(char *)&string_array_a[1],(char *)&string_array_a[2]);
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/minc2analyze.c:193:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(string_a,"%s %s.mnc | tail -3 | grep zspace > %s.tmp",MINCINFO,argv[1],argv[1]);
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/minc2analyze.c:194:3: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system(string_a);
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/minc2analyze.c:195:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(string_a,"%s.tmp",argv[1]);
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/minc2analyze.c:197:3: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
fscanf(fd2,"%s %s %s %s",string_a,(char *)&string_array_a[0],(char *)&string_array_a[1],(char *)&string_array_a[2]);
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/minc2analyze.c:203:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(string_a,"%s %s.mnc | tail -3 | grep yspace > %s.tmp",MINCINFO,argv[1],argv[1]);
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/minc2analyze.c:204:3: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system(string_a);
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/minc2analyze.c:205:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(string_a,"%s.tmp",argv[1]);
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/minc2analyze.c:207:3: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
fscanf(fd2,"%s %s %s %s",string_a,(char *)&string_array_a[0],(char *)&string_array_a[1],(char *)&string_array_a[2]);
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/minc2analyze.c:213:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(string_a,"%s %s.mnc | tail -3 | grep xspace > %s.tmp",MINCINFO,argv[1],argv[1]);
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/minc2analyze.c:214:3: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system(string_a);
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/minc2analyze.c:215:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(string_a,"%s.tmp",argv[1]);
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/minc2analyze.c:217:3: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
fscanf(fd2,"%s %s %s %s",string_a,(char *)&string_array_a[0],(char *)&string_array_a[1],(char *)&string_array_a[2]);
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/minc2analyze.c:223:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(string_a,"%s %s.mnc | grep dimensions | grep time > %s.tmp",MINCINFO,argv[1],argv[1]);
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/minc2analyze.c:224:3: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system(string_a);
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/minc2analyze.c:225:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(string_a,"%s.tmp",argv[1]);
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/minc2analyze.c:227:3: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
fscanf(fd2,"%s %s %s",string_a,(char *)&string_array_a[0],(char *)&string_array_a[1]);
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/minc2analyze.c:230:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(string_a,"%s %s.mnc | tail -4 | grep time > %s.tmp",MINCINFO,argv[1],argv[1]);
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/minc2analyze.c:231:5: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system(string_a);
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/minc2analyze.c:232:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(string_a,"%s.tmp",argv[1]);
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/minc2analyze.c:234:5: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
fscanf(fd2,"%s %s %s %s",string_a,(char *)&string_array_a[0],(char *)&string_array_a[1],(char *)&string_array_a[2]);
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/minc2analyze.c:240:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(string_a,"/bin/rm %s.tmp",argv[1]);
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/minc2analyze.c:241:3: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system(string_a);
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/minc2analyze.c:246:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(string_a,"%s -normalize %s %s.mnc > %s.img",MINCTORAW,type_string,argv[1],argv[1]);
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/minc2analyze.c:248:3: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system(string_a);
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/minc2analyze.c:254:1: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(string_a,"%s.img",argv[1]);
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/minc2analyze.c:266:1: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(string_a,"%s %s.mnc | tail -3 > %s.tmp",MINCINFO,argv[1],argv[1]);
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/minc2analyze.c:267:1: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system(string_a);
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/minc2analyze.c:268:1: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(string_a,"%s.tmp",argv[1]);
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/minc2analyze.c:270:1: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
fscanf(fd2,"%s %s %s %s",(char *)&string_array_a[2],string_a,string_a,string_a);
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/minc2analyze.c:271:1: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
fscanf(fd2,"%s %s %s %s",(char *)&string_array_a[1],string_a,string_a,string_a);
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/minc2analyze.c:272:1: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
fscanf(fd2,"%s %s %s %s",(char *)&string_array_a[0],string_a,string_a,string_a);
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/minc2analyze.c:289:1: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(string_a,"/bin/rm %s.tmp",argv[1]);
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/minc2analyze.c:290:1: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system(string_a);
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/minc2analyze.c:437:1: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(string_a,"%s.img",argv[1]);
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/minc2analyze.c:445:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(string_a,"%s.hdr",argv[1]);
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/minc2analyze.c:461:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(string_a,"%s ",argv[1]);
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/minc2analyze.c:463:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(hdr.hk.db_name,string_a);
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/dcm2mnc.c:304:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(out_dir, argv[argc - 1]);
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/dcm2mnc.c:351:21: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmp_str, argv[ifile + 1]);
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/dcm2mnc.c:356:21: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(&tmp_str[length], np->d_name);
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/dcm2mnc.c:713:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(file_prefix, out_dir);
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/dcm2mnc.c:776:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cur_patient_name, di_ptr[ifile]->patient_name);
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/dcm2mnc.c:777:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cur_patient_id, di_ptr[ifile]->patient_id);
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/dcm2mnc.c:778:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cur_sequence_name, di_ptr[ifile]->sequence_name);
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/dcm2mnc.c:974:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(string, "%s %s", G.command_line, output_file_name);
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/dcm2mnc.c:978:23: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if ((fp = popen(string, "r")) != NULL) {
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/dcm2mnc.c:980:17: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
fscanf(fp, "%s", pipe_output_name);
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/dicom_read.c:316:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(gi_ptr->image_type_string, acr_find_string(group_list,
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/dicom_to_minc.c:2365:9: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(field_ptr, "%*s %*s %s", value);
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/minc_file.c:224:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(scan_label[imri], "%s%d",
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/minc_file.c:259:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmp_str, gi_ptr->patient.reg_time);
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/minc_file.c:369:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(full_path, file_prefix);
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/minc_file.c:375:9: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(full_path, temp_name);
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/minc_file.c:400:9: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(full_path, temp_name);
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_to_dicom.c:956:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(string, "%s\\%s\\%s", y, x, z);
data/minc-tools-2.3.00+dfsg/conversion/dicomserver/dicomserver.c:222:14: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void) strcpy(file_prefix, temp_dir);
data/minc-tools-2.3.00+dfsg/conversion/dicomserver/dicomserver.c:580:14: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void) sprintf(exit_string, "%s. Disconnecting.",
data/minc-tools-2.3.00+dfsg/conversion/dicomserver/minc_file.c:114:20: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void) sprintf(scan_label[imri], "_%s%d", scan_prefix[imri],
data/minc-tools-2.3.00+dfsg/conversion/dicomserver/minc_file.c:123:14: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void) sprintf(temp_name, "%s%s_%s_%s%s%s%s%s%s_mri.mnc",
data/minc-tools-2.3.00+dfsg/conversion/dicomserver/minc_file.c:417:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void) sprintf(name, "%s-indices", dimname);
data/minc-tools-2.3.00+dfsg/conversion/dicomserver/project_file.c:119:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void) sprintf(output_default_file, "%s/%s%s",
data/minc-tools-2.3.00+dfsg/conversion/dicomserver/project_file.c:131:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (sscanf(string, "%s %d %d", file_prefix, output_uid, output_gid) != 3) {
data/minc-tools-2.3.00+dfsg/conversion/dicomserver/project_file.c:199:26: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
(void) strcat(strcat(project_option_string, filler), name);
data/minc-tools-2.3.00+dfsg/conversion/dicomserver/project_file.c:199:33: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
(void) strcat(strcat(project_option_string, filler), name);
data/minc-tools-2.3.00+dfsg/conversion/dicomserver/save_transferred_object.c:105:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void) sprintf(temp_name, "%s-%04d-%s_%d_%d_%d.dcm",
data/minc-tools-2.3.00+dfsg/conversion/dicomserver/use_the_files.c:167:20: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void) sprintf(string, "%s %s", command_line, output_file_name);
data/minc-tools-2.3.00+dfsg/conversion/dicomserver/use_the_files.c:168:21: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if ((fp=popen(string, "r")) != NULL) {
data/minc-tools-2.3.00+dfsg/conversion/dicomserver/use_the_files.c:169:23: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
(void) fscanf(fp, "%s", output_file_name);
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dcm2mnc.c:200:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(IdStr,argv[ix]);
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dcm2mnc.c:205:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(Name,argv[ix]);
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dcm2mnc.c:216:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(command_line,argv[ix]);
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dcm2mnc.c:245:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(OutDir,argv[argc-1]);
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dcm2mnc.c:384:8: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(out_dir, patient_name);
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dcm2mnc.c:395:8: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(out_dir, patient_id);
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dcm2mnc.c:406:8: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(out_dir, reg_date);
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dcm2mnc.c:417:8: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(out_dir, reg_time);
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dcm2mnc.c:435:8: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system (temp_name);
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dcm2mnc2.c:169:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(IdStr,argv[ix]);
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dcm2mnc2.c:174:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(Name,argv[ix]);
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dcm2mnc2.c:185:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(command_line,argv[ix]);
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dcm2mnc2.c:214:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(OutDir,argv[argc-1]);
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dicomreader.c:141:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(OutDir,argv[argc-1]);
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dicomserver-nondebug.c:227:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(OutDir,argv[ix]);
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dicomserver-nondebug.c:336:11: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void)strcpy(file_prefix, temp_dir);
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dicomserver-nondebug.c:796:14: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void) sprintf(exit_string, "%s. Disconnecting.",
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dicomserver-nondebug2.c:240:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(OutDir,argv[ix]);
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dicomserver-nondebug2.c:349:12: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void) strcpy(file_prefix, temp_dir);
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dicomserver-nondebug2.c:773:11: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(out_dir, patient_name);
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dicomserver-nondebug2.c:784:11: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(out_dir, patient_id);
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dicomserver-nondebug2.c:795:11: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(out_dir, reg_date);
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dicomserver-nondebug2.c:806:12: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(out_dir, reg_time);
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dicomserver-nondebug2.c:821:8: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(temp_name,out_dir);
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dicomserver-nondebug2.c:828:8: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(temp_name,temp_dir);
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dicomserver-nondebug2.c:831:8: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system (temp_name);
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dicomserver-nondebug2.c:950:14: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void) sprintf(exit_string, "%s. Disconnecting.",
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/minc_file.c:167:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(patient_name,Name);
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/minc_file.c:228:20: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void) sprintf(scan_label[imri], "%s%d", scan_prefix[imri],
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/minc_file.c:238:14: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void) strcpy(full_path,file_prefix);
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/minc_file.c:241:14: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void) sprintf(temp_name, "%s_%s_%s/",
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/minc_file.c:248:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(full_path,temp_name);
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/minc_file.c:263:14: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void) sprintf(temp_name, "%s%s_%s_%s_%s%s%s%s%s%s_mri.mnc",
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/project_file.c:124:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void) sprintf(output_default_file, "%s/%s%s",
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/project_file.c:136:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (sscanf(string, "%s %d %d", file_prefix, output_uid, output_gid) != 3) {
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/project_file.c:204:26: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
(void) strcat(strcat(project_option_string, filler), name);
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/project_file.c:204:33: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
(void) strcat(strcat(project_option_string, filler), name);
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/save_transferred_object.c:140:11: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void) strcpy(full_path, file_prefix2);
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/save_transferred_object.c:142:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void) sprintf(temp_name, "dicom-%s-%f/", patient_name, study_id);
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/save_transferred_object.c:143:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (full_path, temp_name);
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/save_transferred_object.c:146:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void) sprintf(temp_name, "%s%s-%04d-%s_%f_%d_%d.dcm",
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_dicom_read.c:1067:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void) strcpy(general_info->acq.MrProt,
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_dicom_send.c:380:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void) sprintf(fullpath, "%s/%s",
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_dicom_send.c:714:14: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void) sprintf(fullpath, "%s/%s",
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_dicom_to_minc.c:947:5: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(field_ptr,"%s %s %s",FieldName,Separator,FieldValue);
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/use_the_files.c:144:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(file_prefix,OutDir);
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/use_the_files.c:147:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(file_prefix,project_name);
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/use_the_files.c:260:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void) sprintf(string, "%s %s", command_line, output_file_name);
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/use_the_files.c:263:11: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if ((fp=popen(string, "r")) != NULL) {
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/use_the_files.c:264:12: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
(void) fscanf(fp, "%s", output_file_name);
data/minc-tools-2.3.00+dfsg/conversion/ecattominc/ecat_file.c:740:34: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (svalue != NULL) (void) strcpy(svalue, string);
data/minc-tools-2.3.00+dfsg/conversion/ecattominc/ecattominc.c:685:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void) strcpy(fip->image_type, ECAT_ACTIVITY);
data/minc-tools-2.3.00+dfsg/conversion/ecattominc/ecattominc.c:816:20: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void) strcpy(general_info->img_units, NCURIE_PER_CC_STRING);
data/minc-tools-2.3.00+dfsg/conversion/ecattominc/ecattominc.c:832:20: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void) strcpy(general_info->patient_sex, MI_MALE);
data/minc-tools-2.3.00+dfsg/conversion/ecattominc/ecattominc.c:836:20: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void) strcpy(general_info->patient_sex, MI_FEMALE);
data/minc-tools-2.3.00+dfsg/conversion/ecattominc/ecattominc.c:839:20: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void) strcpy(general_info->patient_sex, MI_OTHER);
data/minc-tools-2.3.00+dfsg/conversion/ecattominc/ecattominc.c:855:20: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void) sprintf(general_info->patient_birthdate,
data/minc-tools-2.3.00+dfsg/conversion/ecattominc/ecattominc.c:903:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void) sprintf(general_info->start_time, "%d-%s-%d %d:%d:%d",
data/minc-tools-2.3.00+dfsg/conversion/ecattominc/ecattominc.c:921:20: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void) strcpy(general_info->injection_time,
data/minc-tools-2.3.00+dfsg/conversion/ecattominc/ecattominc.c:1012:29: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void) strcpy(&field_list[num_fields].values[length+1],
data/minc-tools-2.3.00+dfsg/conversion/image_filters/atob.c:24:11: [4] (buffer) scanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
while (scanf(CONTROL_STRING, &temp) > 0) {
data/minc-tools-2.3.00+dfsg/conversion/image_filters/atof.c:23:11: [4] (buffer) scanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
while (scanf(CONTROL_STRING, &value) > 0) {
data/minc-tools-2.3.00+dfsg/conversion/image_filters/atoi.c:23:11: [4] (buffer) scanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
while (scanf(CONTROL_STRING, &value) > 0) {
data/minc-tools-2.3.00+dfsg/conversion/image_filters/atol.c:23:11: [4] (buffer) scanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
while (scanf(CONTROL_STRING, &value) > 0) {
data/minc-tools-2.3.00+dfsg/conversion/image_filters/btoa.c:25:14: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
(void) printf(CONTROL_STRING, (PRINTF_TYPE) value);
data/minc-tools-2.3.00+dfsg/conversion/image_filters/ftoa.c:25:14: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
(void) printf(CONTROL_STRING, (PRINTF_TYPE) value);
data/minc-tools-2.3.00+dfsg/conversion/image_filters/itoa.c:25:14: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
(void) printf(CONTROL_STRING, (PRINTF_TYPE) value);
data/minc-tools-2.3.00+dfsg/conversion/image_filters/ltoa.c:25:14: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
(void) printf(CONTROL_STRING, (PRINTF_TYPE) value);
data/minc-tools-2.3.00+dfsg/conversion/micropet/upet2mnc.c:456:13: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, ap);
data/minc-tools-2.3.00+dfsg/conversion/micropet/upet2mnc.c:463:9: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stdout, fmt, ap);
data/minc-tools-2.3.00+dfsg/conversion/micropet/upet2mnc.c:715:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(img_fname, argv[i]);
data/minc-tools-2.3.00+dfsg/conversion/micropet/upet2mnc.c:716:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(hdr_fname, argv[i]);
data/minc-tools-2.3.00+dfsg/conversion/micropet/upet2mnc.c:750:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(out_fname, argv[i+1]);
data/minc-tools-2.3.00+dfsg/conversion/micropet/upet2mnc.c:754:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(out_fname, img_fname);
data/minc-tools-2.3.00+dfsg/conversion/minctoecat/ecat_write.c:78:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(mptr->fname, fname);
data/minc-tools-2.3.00+dfsg/conversion/minctoecat/ecat_write.c:145:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(mn,"%s%d%s", magicNumber,header->sw_version,
data/minc-tools-2.3.00+dfsg/conversion/minctoecat/ecat_write.c:571:20: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (mptr->fname) strcpy(matrix_errtxt,mptr->fname);
data/minc-tools-2.3.00+dfsg/conversion/nifti1/mnc2nii.c:292:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(out_str, argv[1]);
data/minc-tools-2.3.00+dfsg/conversion/nifti1/mnc2nii.c:299:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(out_str, argv[2]);
data/minc-tools-2.3.00+dfsg/conversion/nifti1/mnc2nii.c:397:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(nii_ptr->fname, out_str);
data/minc-tools-2.3.00+dfsg/conversion/nifti1/mnc2nii.c:398:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(nii_ptr->iname, out_str);
data/minc-tools-2.3.00+dfsg/conversion/nifti1/nifti1_test.c:63:42: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
nim->fname = (char *)calloc(1,ll+6) ; strcpy(nim->fname,argv[iarg]) ;
data/minc-tools-2.3.00+dfsg/conversion/nifti1/nifti1_test.c:64:42: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
nim->iname = (char *)calloc(1,ll+6) ; strcpy(nim->iname,argv[iarg]) ;
data/minc-tools-2.3.00+dfsg/conversion/nifti1/nii2mnc.c:177:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(out_str, argv[1]);
data/minc-tools-2.3.00+dfsg/conversion/nifti1/nii2mnc.c:187:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(out_str, argv[2]);
data/minc-tools-2.3.00+dfsg/conversion/scxtominc/scx_file.c:499:11: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void) strcpy(mname, file->mnemonics[index].name);
data/minc-tools-2.3.00+dfsg/conversion/scxtominc/scxtominc.c:675:20: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void) strcpy(scx_general_info->patient_sex, MI_MALE);
data/minc-tools-2.3.00+dfsg/conversion/scxtominc/scxtominc.c:677:20: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void) strcpy(scx_general_info->patient_sex, MI_FEMALE);
data/minc-tools-2.3.00+dfsg/conversion/scxtominc/scxtominc.c:679:20: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void) strcpy(scx_general_info->patient_sex, MI_OTHER);
data/minc-tools-2.3.00+dfsg/conversion/scxtominc/scxtominc.c:713:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void) sprintf(scx_general_info->start_time, "%d-%s-%d %s",
data/minc-tools-2.3.00+dfsg/conversion/scxtominc/scxtominc.c:787:32: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
att_vector = strcat((char *) att_vector, svalue);
data/minc-tools-2.3.00+dfsg/conversion/vff2mnc/vff2mnc.c:140:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(out_str, argv[1]);
data/minc-tools-2.3.00+dfsg/conversion/vff2mnc/vff2mnc.c:155:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(out_dir, argv[argc - 1]);
data/minc-tools-2.3.00+dfsg/conversion/vff2mnc/vff2mnc.c:212:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmp_str, argv[ifile + 1]);
data/minc-tools-2.3.00+dfsg/conversion/vff2mnc/vff2mnc.c:218:8: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(&tmp_str[length], np->d_name);
data/minc-tools-2.3.00+dfsg/conversion/vff2mnc/vff2mnc.c:354:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(vffattrs.cmd_line,G.minc_history);
data/minc-tools-2.3.00+dfsg/conversion/vff2mnc/vff2mnc.c:868:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(vattrs->cmd_line,linebuf);
data/minc-tools-2.3.00+dfsg/conversion/vff2mnc/vff2mnc.c:1123:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buffer,strbuf);
data/minc-tools-2.3.00+dfsg/conversion/vff2mnc/vff2mnc.c:1202:8: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buffer,strbuf);
data/minc-tools-2.3.00+dfsg/conversion/vff2mnc/vff2mnc.c:1239:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fullpath_pro,np->d_name);
data/minc-tools-2.3.00+dfsg/conversion/vff2mnc/vff2mnc.c:1246:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fullpath_des,np->d_name);
data/minc-tools-2.3.00+dfsg/conversion/vff2mnc/vff2mnc.c:1253:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fullpath_par,np->d_name);
data/minc-tools-2.3.00+dfsg/conversion/vff2mnc/vff2mnc.c:1292:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fullpath_pro, dirname);
data/minc-tools-2.3.00+dfsg/conversion/vff2mnc/vff2mnc.c:1293:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(fullpath_pro,FindFileData.cFileName);
data/minc-tools-2.3.00+dfsg/conversion/vff2mnc/vff2mnc.c:1300:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fullpath_des, dirname);
data/minc-tools-2.3.00+dfsg/conversion/vff2mnc/vff2mnc.c:1301:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(fullpath_des,FindFileData.cFileName);
data/minc-tools-2.3.00+dfsg/conversion/vff2mnc/vff2mnc.c:1308:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fullpath_par, dirname);
data/minc-tools-2.3.00+dfsg/conversion/vff2mnc/vff2mnc.c:1309:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(fullpath_par,FindFileData.cFileName);
data/minc-tools-2.3.00+dfsg/conversion/vff2mnc/vff2mnc.h:63:28: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define TESTRPT(msg, val) (fprintf(stderr, \
data/minc-tools-2.3.00+dfsg/progs/mincaverage/mincaverage.c:450:14: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
(void) strcat(dimname, WIDTH_SUFFIX);
data/minc-tools-2.3.00+dfsg/progs/mincblob/mincblob.c:132:7: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if(access(infile, F_OK) != 0){
data/minc-tools-2.3.00+dfsg/progs/mincblob/mincblob.c:136:7: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if(access(outfile, F_OK) == 0 && !clobber){
data/minc-tools-2.3.00+dfsg/progs/minccalc/errx.h:7:9: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
do { fprintf(stderr, "imgcalc: " fmt , ## args ); \
data/minc-tools-2.3.00+dfsg/progs/minccalc/gram.c:959:21: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define YYFPRINTF fprintf
data/minc-tools-2.3.00+dfsg/progs/minccalc/minccalc.c:300:10: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if(access(outfiles[i], F_OK) == 0 && !clobber){
data/minc-tools-2.3.00+dfsg/progs/minccmp/minccmp.c:221:10: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if(access(infiles[i], F_OK) != 0){
data/minc-tools-2.3.00+dfsg/progs/minccmp/minccmp.c:233:10: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if(access(mask_fname, F_OK) != 0){
data/minc-tools-2.3.00+dfsg/progs/mincconcat/mincconcat.c:858:14: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
(void) strcat(dimname, DIM_WIDTH_SUFFIX);
data/minc-tools-2.3.00+dfsg/progs/mincconcat/mincconcat.c:1024:14: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
(void) strcat(strcpy(dimname, concat_info->dimension_name),
data/minc-tools-2.3.00+dfsg/progs/mincconcat/mincconcat.c:1024:21: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void) strcat(strcpy(dimname, concat_info->dimension_name),
data/minc-tools-2.3.00+dfsg/progs/mincconcat/mincconcat.c:1289:14: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
(void) strcat(strcpy(dimname, concat_info->dimension_name),
data/minc-tools-2.3.00+dfsg/progs/mincconcat/mincconcat.c:1289:21: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void) strcat(strcpy(dimname, concat_info->dimension_name),
data/minc-tools-2.3.00+dfsg/progs/mincconcat/mincconcat.c:1337:11: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void) strcpy(dimname, concat_info->dimension_name);
data/minc-tools-2.3.00+dfsg/progs/mincconcat/mincconcat.c:1340:11: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
(void) strcat(dimname, DIM_WIDTH_SUFFIX);
data/minc-tools-2.3.00+dfsg/progs/mincconcat/mincconcat.c:1459:11: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
(void) strcat(string, arg_string);
data/minc-tools-2.3.00+dfsg/progs/mincdump/dumplib.c:43:12: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
(void) vfprintf(stderr,fmt,args) ;
data/minc-tools-2.3.00+dfsg/progs/mincdump/mincdump.c:75:12: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void) strcpy(new, cp); /* copy last component of path */
data/minc-tools-2.3.00+dfsg/progs/mincdump/mincdump.c:252:13: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
(void) sprintf(gps, float_att_fmt, ff);
data/minc-tools-2.3.00+dfsg/progs/mincdump/mincdump.c:258:13: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
(void) sprintf(gps, double_att_fmt, dd);
data/minc-tools-2.3.00+dfsg/progs/mincdump/mincdump.c:281:9: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
(void) sprintf(gps, float_att_fmt, ff);
data/minc-tools-2.3.00+dfsg/progs/mincdump/mincdump.c:287:9: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
(void) sprintf(gps, double_att_fmt, dd);
data/minc-tools-2.3.00+dfsg/progs/mincdump/mincdump.c:597:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(*cpp, cp);
data/minc-tools-2.3.00+dfsg/progs/mincdump/mincdump.h:15:25: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define Printf (void) printf
data/minc-tools-2.3.00+dfsg/progs/mincdump/vardata.c:152:13: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
(void) sprintf(sout, FILL_STRING);
data/minc-tools-2.3.00+dfsg/progs/mincdump/vardata.c:156:12: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
(void) sprintf(sout, fmt, val);
data/minc-tools-2.3.00+dfsg/progs/mincdump/vardata.c:175:13: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
(void) sprintf(sout, FILL_STRING);
data/minc-tools-2.3.00+dfsg/progs/mincdump/vardata.c:179:12: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
(void) sprintf(sout, fmt, val);
data/minc-tools-2.3.00+dfsg/progs/mincdump/vardata.c:199:13: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
(void) sprintf(sout, FILL_STRING);
data/minc-tools-2.3.00+dfsg/progs/mincdump/vardata.c:203:12: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
(void) sprintf(sout, fmt, val);
data/minc-tools-2.3.00+dfsg/progs/mincdump/vardata.c:227:13: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
(void) sprintf(sout, FILL_STRING);
data/minc-tools-2.3.00+dfsg/progs/mincdump/vardata.c:231:12: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
(void) sprintf(sout, fmt, val);
data/minc-tools-2.3.00+dfsg/progs/mincdump/vardata.c:253:13: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
(void) sprintf(sout, FILL_STRING);
data/minc-tools-2.3.00+dfsg/progs/mincdump/vardata.c:257:12: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
(void) sprintf(sout, fmt, val);
data/minc-tools-2.3.00+dfsg/progs/mincdump/vardata.c:414:10: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
(void) sprintf(sout, fmt, *vals++);
data/minc-tools-2.3.00+dfsg/progs/mincdump/vardata.c:424:13: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
(void) sprintf(sout, fmt, *vals++);
data/minc-tools-2.3.00+dfsg/progs/mincexample/mincexample1.c:597:11: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
(void) strcat(string, arg_string);
data/minc-tools-2.3.00+dfsg/progs/mincexample/mincexample2.c:682:11: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
(void) strcat(string, arg_string);
data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c:198:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt, "main() {\t\t\t/* create %s */", filename);
data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c:209:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt, " int %s_dim;", dims[idim].lname);
data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c:217:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt, " size_t %s_len = NC_UNLIMITED;",
data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c:220:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt, " size_t %s_len = %lu;",
data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c:237:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt, " int %s_id;", vars[ivar].lname);
data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c:244:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt, "# define RANK_%s %d", vars[ivar].lname,
data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c:253:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt, " int %s_dims[RANK_%s];",
data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c:274:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt,
data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c:288:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt,
data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c:300:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt,
data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c:314:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt,
data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c:322:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt,
data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c:330:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt,
data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c:349:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt,
data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c:362:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt, " %s_%s[%d] = %s;",
data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c:371:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt,
data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c:553:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt, "integer %s_dim", dims[idim].lname);
data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c:559:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt, "integer %s_len", dims[idim].lname);
data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c:564:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt, "parameter (%s_len = NF_UNLIMITED)",
data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c:567:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt, "parameter (%s_len = %lu)",
data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c:584:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt, "integer %s_id", vars[ivar].lname);
data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c:590:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt, "integer %s_rank", vars[ivar].lname);
data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c:594:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt, "parameter (%s_rank = %d)", vars[ivar].lname,
data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c:602:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt, "integer %s_dims(%s_rank)",
data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c:626:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt, "%s %s", ncftype(v->type),
data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c:629:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt, "%s %s(", ncftype(v->type),
data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c:633:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(s2, "%s_len, ",
data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c:635:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(stmnt, s2);
data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c:662:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt, "%s %sval(%lu)", ncftype(types[itype]),
data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c:672:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt, "iret = nf_create(\'%s\', NF_CLOBBER, ncid)", filename);
data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c:681:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt, "iret = nf_def_dim(ncid, \'%s\', NF_UNLIMITED, %s_dim)",
data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c:684:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt, "iret = nf_def_dim(ncid, \'%s\', %lu, %s_dim)",
data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c:696:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt, "%s_dims(%d) = %s_dim",
data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c:703:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt,
data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c:711:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt,
data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c:729:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt,
data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c:742:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt, "%sval(%d) = %s",
data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c:750:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt,
data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c:1131:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(cp, tstr);
data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c:1164:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(cp, tstr);
data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c:1275:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(s2, "%s_id,", v->lname);
data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c:1276:17: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(stmnt, s2);
data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c:1299:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(s2, "%s_id,", v->lname);
data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c:1300:17: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(stmnt, s2);
data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c:1317:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt, "integer %s_id", v->lname);
data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c:1336:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt, "integer %s_len", dims[idim].lname);
data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c:1338:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt, "parameter (%s_len = %lu)",
data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c:1349:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt, "integer %s_rank", v->lname);
data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c:1356:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt, "parameter (%s_rank = %d)", v->lname,
data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c:1366:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt,
data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c:1382:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt, "integer %s_nr", v->lname);
data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c:1385:21: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt, "parameter (%s_nr = %lu)",
data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c:1388:21: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt, "parameter (%s_nr = 1)",
data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c:1393:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt, "%s %s(", ncftype(v->type),
data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c:1398:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(s2, "%s_nr, ", v->lname);
data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c:1400:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(s2, "%s_len, ",
data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c:1403:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(stmnt, s2);
data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c:1430:21: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt,"data %s /%lu * %s/", v->lname,
data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c:1444:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt, "* store %s", v->name);
data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c:1448:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt, "%s_start(%d) = 1", v->lname, idim+1);
data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c:1452:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt, "%s_count(%d) = %s_len", v->lname,
data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c:1456:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt, "%s_count(%d) = %s_nr", v->lname,
data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c:1461:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt,
data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c:1465:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt,
data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c:1506:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void) strcpy(filename,netcdfname);
data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c:1568:12: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
(void) vfprintf(stderr,fmt,args) ;
data/minc-tools-2.3.00+dfsg/progs/mincgen/load.c:23:23: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define fpr (void) fprintf
data/minc-tools-2.3.00+dfsg/progs/mincgen/load.c:80:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt, " {\t\t\t/* store %s */", vars[varnum].name);
data/minc-tools-2.3.00+dfsg/progs/mincgen/load.c:85:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt, " static size_t %s_start[RANK_%s];",
data/minc-tools-2.3.00+dfsg/progs/mincgen/load.c:89:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt, " static size_t %s_count[RANK_%s];",
data/minc-tools-2.3.00+dfsg/progs/mincgen/load.c:95:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt, " static %s %s[] = {",
data/minc-tools-2.3.00+dfsg/progs/mincgen/load.c:103:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(s2, "%s", val_string);
data/minc-tools-2.3.00+dfsg/progs/mincgen/load.c:147:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(stmnt, s2);
data/minc-tools-2.3.00+dfsg/progs/mincgen/load.c:150:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(stmnt,s2);
data/minc-tools-2.3.00+dfsg/progs/mincgen/load.c:175:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(stmnt, s2);
data/minc-tools-2.3.00+dfsg/progs/mincgen/load.c:178:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(stmnt,s2);
data/minc-tools-2.3.00+dfsg/progs/mincgen/load.c:188:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt,
data/minc-tools-2.3.00+dfsg/progs/mincgen/load.c:196:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt, " %s_start[%d] = 0;",
data/minc-tools-2.3.00+dfsg/progs/mincgen/load.c:203:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt, " %s_count[%d] = %s_len;",
data/minc-tools-2.3.00+dfsg/progs/mincgen/load.c:212:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt,
data/minc-tools-2.3.00+dfsg/progs/mincgen/load.c:220:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt,
data/minc-tools-2.3.00+dfsg/progs/mincgen/load.c:229:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt, " static %s %s = ",
data/minc-tools-2.3.00+dfsg/progs/mincgen/load.c:237:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(s2, "'%s'", &val_string[1]);
data/minc-tools-2.3.00+dfsg/progs/mincgen/load.c:265:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt,
data/minc-tools-2.3.00+dfsg/progs/mincgen/load.c:295:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s, t);
data/minc-tools-2.3.00+dfsg/progs/mincgen/load.c:298:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(s, t);
data/minc-tools-2.3.00+dfsg/progs/mincgen/load.c:324:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt, "data %s /",vars[varnum].lname);
data/minc-tools-2.3.00+dfsg/progs/mincgen/load.c:331:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(s2, "%s, ", val_string);
data/minc-tools-2.3.00+dfsg/progs/mincgen/load.c:390:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dup_stmnt, stmnt); /* ULTRIX missing strdup */
data/minc-tools-2.3.00+dfsg/progs/mincgen/load.c:411:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt, "* store %s", v->name);
data/minc-tools-2.3.00+dfsg/progs/mincgen/load.c:426:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt, "iret = nf_put_var_%s(ncid, %s_id, %s)",
data/minc-tools-2.3.00+dfsg/progs/mincgen/load.c:430:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmnt, "iret = nf_put_var_%s(ncid, %s_id, %s)",
data/minc-tools-2.3.00+dfsg/progs/mincmakescalar/mincmakescalar.c:244:8: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, str_wrong_dimension_order);
data/minc-tools-2.3.00+dfsg/progs/mincmorph/mincmorph.c:220:7: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if(access(infile, F_OK) != 0){
data/minc-tools-2.3.00+dfsg/progs/mincmorph/mincmorph.c:226:7: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if(access(outfile, F_OK) == 0 && !clobber){
data/minc-tools-2.3.00+dfsg/progs/mincmorph/mincmorph.c:373:52: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if(!realpath(tmp_str, tmp_filename) || access(tmp_filename, F_OK) != 0){
data/minc-tools-2.3.00+dfsg/progs/mincmorph/mincmorph.c:380:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ext_txt, "kernel_fn: %s", op->kernel_fn);
data/minc-tools-2.3.00+dfsg/progs/mincmorph/mincmorph.c:383:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ext_txt, "inbuilt_kernel[%d]: %s", op->kernel_id,
data/minc-tools-2.3.00+dfsg/progs/mincmorph/mincmorph.c:400:13: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if(access(op->outfile, F_OK) == 0 && !clobber){
data/minc-tools-2.3.00+dfsg/progs/mincmorph/mincmorph.c:406:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ext_txt, "filename: %s", op->outfile);
data/minc-tools-2.3.00+dfsg/progs/mincmorph/mincmorph.c:421:13: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if(access(op->cmpfile, F_OK) != 0){
data/minc-tools-2.3.00+dfsg/progs/mincmorph/mincmorph.c:426:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ext_txt, "compare filename: %s", op->cmpfile);
data/minc-tools-2.3.00+dfsg/progs/mincresample/mincresample.c:988:14: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void) strcpy(volume_def->spacetype[idim], MI_NATIVE);
data/minc-tools-2.3.00+dfsg/progs/mincresample/mincresample.c:1156:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void) strcpy(args_volume_def->units[idim],
data/minc-tools-2.3.00+dfsg/progs/mincresample/mincresample.c:1159:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void) strcpy(args_volume_def->spacetype[idim],
data/minc-tools-2.3.00+dfsg/progs/mincresample/mincresample.c:1403:11: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
(void) strcat(string, tm_stamp);
data/minc-tools-2.3.00+dfsg/progs/mincresample/mincresample.c:1454:20: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void) sprintf(string, "%s%d", dimname, idim);
data/minc-tools-2.3.00+dfsg/progs/mincreshape/mincreshape.c:1494:11: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
(void) strcat(string, history);
data/minc-tools-2.3.00+dfsg/progs/mincreshape/mincreshape.c:1567:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void) strcpy(spacing, MI_IRREGULAR);
data/minc-tools-2.3.00+dfsg/progs/mincreshape/mincreshape.c:1657:11: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void) strcpy(varname, dimname);
data/minc-tools-2.3.00+dfsg/progs/mincsample/mincsample.c:207:10: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if(access(infiles[i], F_OK) != 0){
data/minc-tools-2.3.00+dfsg/progs/mincsample/mincsample.c:215:10: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if(access(sample_fname, F_OK) == 0 && !clobber){
data/minc-tools-2.3.00+dfsg/progs/mincsample/mincsample.c:234:28: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if(!append_output && access(out_fname, F_OK) == 0 && !clobber){
data/minc-tools-2.3.00+dfsg/progs/mincstats/mincstats.c:823:7: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if(access(infiles[0], 0) != 0) {
data/minc-tools-2.3.00+dfsg/progs/mincstats/mincstats.c:828:29: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if(infiles[1] != NULL && access(infiles[1], 0) != 0) {
data/minc-tools-2.3.00+dfsg/progs/mincstats/mincstats.c:833:40: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if(hist_file != NULL && !clobber && access(hist_file, 0) != -1) {
data/minc-tools-2.3.00+dfsg/progs/rawtominc/rawtominc.c:1698:14: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void) strcpy(volume_def->spacetype[idim], MI_NATIVE);
data/minc-tools-2.3.00+dfsg/progs/xfm/transformtags.c:169:14: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void) sprintf(comment,
data/minc-tools-2.3.00+dfsg/progs/xfm/xfm2def.c:118:7: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if(access(xfm_fn, F_OK) != 0){
data/minc-tools-2.3.00+dfsg/progs/xfm/xfm2def.c:122:7: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if(access(out_fn, F_OK) == 0 && !clobber){
data/minc-tools-2.3.00+dfsg/progs/xfm/xfmconcat.c:144:7: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if(access(outfile, F_OK) == 0 && !clobber){
data/minc-tools-2.3.00+dfsg/progs/xfm/xfminvert.c:134:7: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if(access(infile, F_OK) != 0){
data/minc-tools-2.3.00+dfsg/progs/xfm/xfminvert.c:140:7: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if(access(outfile, F_OK) == 0 && !clobber){
data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/file_io.c:474:10: [3] (tmpfile) tmpnam:
Temporary file race condition (CWE-377).
tmpnam(trace_file);
data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/file_io.c:477:31: [3] (tmpfile) tmpnam:
Temporary file race condition (CWE-377).
#error Must have mkstemp() or tmpnam() available.
data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/file_io.c:595:13: [3] (tmpfile) tmpnam:
Temporary file race condition (CWE-377).
tmpnam(trace_file);
data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/file_io.c:598:31: [3] (tmpfile) tmpnam:
Temporary file race condition (CWE-377).
#error Must have mkstemp() or tmpnam() available.
data/minc-tools-2.3.00+dfsg/conversion/dicomserver/dicomserver.c:214:18: [3] (tmpfile) tempnam:
Temporary file race condition (CWE-377).
temp_dir = tempnam(NULL, NULL);
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dicomserver-nondebug.c:328:16: [3] (tmpfile) tempnam:
Temporary file race condition (CWE-377).
temp_dir = tempnam(run_dir, NULL);
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dicomserver-nondebug2.c:340:16: [3] (tmpfile) tempnam:
Temporary file race condition (CWE-377).
temp_dir = tempnam(NULL, NULL);
data/minc-tools-2.3.00+dfsg/progs/mincmorph/mincmorph.c:373:17: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
if(!realpath(tmp_str, tmp_filename) || access(tmp_filename, F_OK) != 0){
data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/acr_io.c:132:26: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static int test_vr(const char vr_to_test[2], const char *vr_list[]);
data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/acr_io.c:133:33: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static int is_sequence_vr(const char vr_to_test[2]);
data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/acr_io.c:134:32: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static int is_special_vr(const char vr_to_test[2]);
data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/acr_io.c:135:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static int is_vr(const char vr_to_test[2]);
data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/acr_io.c:160:26: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static int test_vr(const char vr_to_test[2], const char *vr_list[])
data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/acr_io.c:176:33: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static int is_sequence_vr(const char vr_to_test[2])
data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/acr_io.c:182:32: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static int is_special_vr(const char vr_to_test[2])
data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/acr_io.c:188:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static int is_vr(const char vr_to_test[2])
data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/acr_io.c:495:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mach_value, input_value, nvals * value_size);
data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/acr_io.c:873:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[3*ACR_SIZEOF_SHORT];
data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/acr_io.c:877:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vr[2];
data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/acr_io.c:946:33: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int acr_get_element_header_size(char vr_name[2],
data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/acr_io.c:978:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[2*ACR_SIZEOF_SHORT];
data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/acr_io.c:1037:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[2*ACR_SIZEOF_SHORT+ACR_SIZEOF_LONG];
data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/acr_io.c:1143:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[2*ACR_SIZEOF_SHORT+2*ACR_SIZEOF_LONG];
data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/acr_nema/acr_io.h:183:40: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern int acr_get_element_header_size(char vr_name[2],
data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/copy_acr_nema.c:122:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(infile, "r");
data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/copy_acr_nema.c:154:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(outfile, "w");
data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/dicom_client_routines.c:300:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *abstract_syntax_list[2] = {NULL, NULL};
data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/dicom_client_routines.c:301:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *transfer_syntax_list[2] = {NULL, NULL};
data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/dicom_client_routines.c:422:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
server.sin_port = htons(atoi(port));
data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/dicom_client_routines.c:442:7: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(hp->h_addr, (char *) &server.sin_addr, hp->h_length);
data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/dicom_client_routines.c:1331:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char uid_buffer[64] = {'\0'};
data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/dicom_network.c:284:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char uid[64];
data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/dicom_network.c:289:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ch[4];
data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/dicom_network.c:297:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void) sprintf(uid, "1.%d.%d.%d.%d.%d.%d.%d",
data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/dicom_network.c:306:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void) sprintf(&uid[strlen(uid)], ".%08d", counter++);
data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/dicom_network.c:313:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char Implementation_class_uid[65] = "";
data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/dicom_network.c:357:14: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void) sprintf(Implementation_class_uid,
data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/dicom_network.c:491:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[PDU_HEADER_LEN];
data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/dicom_network.c:537:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[ASSOC_RQ_LEN - PDU_HEADER_LEN];
data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/dicom_network.c:710:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[ABORT_RQ_LEN - PDU_HEADER_LEN];
data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/dicom_network.c:755:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[ASSOC_RJ_LEN - PDU_HEADER_LEN];
data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/dicom_network.c:804:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[PDU_ITEM_HEADER_LEN];
data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/dicom_network.c:884:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[MAX_PDU_STRING_LENGTH];
data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/dicom_network.c:922:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[ACR_SIZEOF_LONG];
data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/dicom_network.c:1012:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[4];
data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/dicom_network.c:1080:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[4];
data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/dicom_network.c:1186:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char string[MAX_PDU_STRING_LENGTH];
data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/dicom_network.c:1396:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[ASSOC_RQ_LEN];
data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/dicom_network.c:1571:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[ABORT_RQ_LEN];
data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/dicom_network.c:1708:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[PDU_ITEM_HEADER_LEN];
data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/dicom_network.c:1786:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[PDU_ITEM_HEADER_LEN+4];
data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/dicom_network.c:1874:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[2*PDU_ITEM_HEADER_LEN+ACR_SIZEOF_LONG];
data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/dicom_network.c:1973:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[PDU_ITEM_HEADER_LEN];
data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/dicom_network.c:2643:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char header_buffer[DATA_TF_LEN];
data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/dicom_network.c:2740:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pdu_buffer[PDU_HEADER_LEN];
data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/dicom_network.c:2741:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char header_buffer[DATA_TF_LEN];
data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/dump_acr_nema.c:108:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[N_NAME+1];
data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/dump_acr_nema.c:139:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[1024];
data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/dump_acr_nema.c:140:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[1024];
data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/dump_acr_nema.c:143:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vr[1024];
data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/dump_acr_nema.c:147:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(filename, "r");
data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/dump_acr_nema.c:266:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(file, "r");
data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/element.c:769:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void) memcpy(data, acr_get_element_data(element), length);
data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/element.c:803:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vr_name[2];
data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/element.c:1235:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[256];
data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/element.c:1243:15: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void) sprintf(string, "%.15g", value);
data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/extract_acr_nema.c:184:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(filename, "r");
data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/file_io.c:398:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char trace_file[128];
data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/file_io.c:472:32: [2] (tmpfile) mkstemp:
Potential for temporary file vulnerability in some circumstances. Some
older Unix-like systems create temp files with permission to write by all
by default, so be sure to set the umask to override this. Also, some older
Unix systems might fail to use O_EXCL when opening the file, so make sure
that O_EXCL is used by the library (CWE-377).
afp->tracefp = fdopen(mkstemp(trace_file), "w");
data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/file_io.c:475:25: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
afp->tracefp = fopen(trace_file, "w");
data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/file_io.c:477:18: [2] (tmpfile) mkstemp:
Potential for temporary file vulnerability in some circumstances. Some
older Unix-like systems create temp files with permission to write by all
by default, so be sure to set the umask to override this. Also, some older
Unix systems might fail to use O_EXCL when opening the file, so make sure
that O_EXCL is used by the library (CWE-377).
#error Must have mkstemp() or tmpnam() available.
data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/file_io.c:563:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char trace_file[128];
data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/file_io.c:593:35: [2] (tmpfile) mkstemp:
Potential for temporary file vulnerability in some circumstances. Some
older Unix-like systems create temp files with permission to write by all
by default, so be sure to set the umask to override this. Also, some older
Unix systems might fail to use O_EXCL when opening the file, so make sure
that O_EXCL is used by the library (CWE-377).
afp->tracefp = fdopen(mkstemp(trace_file), "w");
data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/file_io.c:596:28: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
afp->tracefp = fopen(trace_file, "w");
data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/file_io.c:598:18: [2] (tmpfile) mkstemp:
Potential for temporary file vulnerability in some circumstances. Some
older Unix-like systems create temp files with permission to write by all
by default, so be sure to set the umask to override this. Also, some older
Unix systems might fail to use O_EXCL when opening the file, so make sure
that O_EXCL is used by the library (CWE-377).
#error Must have mkstemp() or tmpnam() available.
data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/group.c:1520:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[DICOM_FILE_MAGIC_OFFSET+DICOM_MAGIC_LEN];
data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/read_acr_nema.c:110:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(filename, "r");
data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/sample_dicom_client.c:160:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(filename, "r");
data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/value_repr.c:602:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void) sprintf(internal_string_buffer, "%.6g",
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/doc/dbh.h:24:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data_type[10]; /* 4 + 10 - the data type of the file */
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/doc/dbh.h:25:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char db_name[18]; /* 14 + 18 - */
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/doc/dbh.h:39:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vox_units[4]; /* 16 + 4 - specifies the spatial units of measure for a voxel */
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/doc/dbh.h:40:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cal_units[8]; /* 20 + 8 - specifies the name of the calibration unit */
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/doc/dbh.h:64:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char descrip[80]; /* 0 + 80 */
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/doc/dbh.h:65:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char aux_file[24]; /* 80 + 24 */
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/doc/dbh.h:77:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char generated[10]; /* 115 + 10 */
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/doc/dbh.h:78:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scannum[10]; /* 125 + 10 */
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/doc/dbh.h:79:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char patient_id[10]; /* 135 + 10 */
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/doc/dbh.h:80:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char exp_date[10]; /* 145 + 10 */
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/doc/dbh.h:81:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char exp_time[10]; /* 155 + 10 */
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/doc/dbh.h:82:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hist_un0[3]; /* 165 + 3 */
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/doc/make_hdr.c:23:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char DataTypes[9][12] = {"UNKNOWN", "BINARY",
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/doc/make_hdr.c:61:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp=fopen(argv[1],"w"))==0)
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/doc/make_hdr.c:71:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
hdr.dime.dim[1] = atoi(argv[2]); /* slice width in pixels */
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/doc/make_hdr.c:72:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
hdr.dime.dim[2] = atoi(argv[3]); /* slice height in pixels */
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/doc/make_hdr.c:73:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
hdr.dime.dim[3] = atoi(argv[4]); /* volume depth in slices */
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/doc/make_hdr.c:74:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
hdr.dime.dim[4] = atoi(argv[5]); /* number of volumes per file */
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/doc/make_hdr.c:86:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
hdr.dime.glmax = atoi(argv[10]); /* maximum voxel value */
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/doc/make_hdr.c:87:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
hdr.dime.glmin = atoi(argv[11]); /* minimum voxel value */
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/doc/show_hdr.c:17:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp=fopen(argv[1],"r"))==NULL)
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/doc/show_hdr.c:35:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[128];
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/doc/spm_dbh.h:16:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data_type[10]; /* 4 + 10 */
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/doc/spm_dbh.h:17:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char db_name[18]; /* 14 + 18 */
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/doc/spm_dbh.h:27:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vox_units[4]; /* 16 + 4 */
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/doc/spm_dbh.h:28:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cal_units[8]; /* 20 + 4 */
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/doc/spm_dbh.h:54:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char descrip[80]; /* 0 + 80 */
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/doc/spm_dbh.h:55:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char aux_file[24]; /* 80 + 24 */
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/doc/spm_dbh.h:57:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char originator[10]; /* 105 + 10 */
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/doc/spm_dbh.h:58:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char generated[10]; /* 115 + 10 */
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/doc/spm_dbh.h:59:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scannum[10]; /* 125 + 10 */
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/doc/spm_dbh.h:60:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char patient_id[10]; /* 135 + 10 */
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/doc/spm_dbh.h:61:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char exp_date[10]; /* 145 + 10 */
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/doc/spm_dbh.h:62:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char exp_time[10]; /* 155 + 10 */
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/doc/spm_dbh.h:63:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hist_un0[3]; /* 165 + 3 */
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/analyze2minc.c:141:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[128];
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/analyze2minc.c:236:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data_file[1000], string_a[1000], string_a2[1000], string_array_a[100][1000];
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/analyze2minc.c:237:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char type_string[100];
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/analyze2minc.c:274:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fd=fopen(string_a,"r"))==NULL)
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/analyze2minc.c:309:33: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (datatype==DT_UNSIGNED_CHAR) sprintf(type_string,"-byte ");
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/analyze2minc.c:310:32: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (datatype==DT_SIGNED_SHORT) sprintf(type_string,"-short -signed ");
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/analyze2minc.c:311:30: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (datatype==DT_SIGNED_INT) sprintf(type_string,"-long -signed ");
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/analyze2minc.c:312:25: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (datatype==DT_FLOAT) sprintf(type_string,"-float ");
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/analyze2minc.c:313:26: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (datatype==DT_DOUBLE) sprintf(type_string,"-double ");
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/analyze2minc.c:324:1: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(short_array_a,hdr.hist.originator,5*sizeof(short));
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/analyze2minc.c:342:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd=fopen(string_a,"r");
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/analyze2minc.c:350:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bufferb+( ( i*z_dim_short*y_dim_short*x_dim_short +
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/analyze2minc.c:361:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd=fopen(data_file,"w");
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/analyze2minc.c:373:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fd=fopen(data_file,"r"))==NULL)
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/analyze2minc.c:380:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fd2=fopen(string_a,"w"))==NULL)
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/analyze2minc.c:418:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(string_a2,"%d",volumes);
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/dbh.h:17:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data_type[10]; /* 4 + 10 */
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/dbh.h:18:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char db_name[18]; /* 14 + 18 */
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/dbh.h:28:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vox_units[4]; /* 16 + 4 */
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/dbh.h:29:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cal_units[8]; /* 20 + 4 */
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/dbh.h:55:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char descrip[80]; /* 0 + 80 */
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/dbh.h:56:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char aux_file[24]; /* 80 + 24 */
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/dbh.h:58:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char originator[10]; /* 105 + 10 */
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/dbh.h:59:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char generated[10]; /* 115 + 10 */
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/dbh.h:60:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scannum[10]; /* 125 + 10 */
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/dbh.h:61:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char patient_id[10]; /* 135 + 10 */
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/dbh.h:62:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char exp_date[10]; /* 145 + 10 */
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/dbh.h:63:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char exp_time[10]; /* 155 + 10 */
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/dbh.h:64:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hist_un0[3]; /* 165 + 3 */
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/minc2analyze.c:100:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string_a[1000], string_array_a[100][1000], type_string[1000], *tcp;
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/minc2analyze.c:143:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd2=fopen(string_a,"r");
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/minc2analyze.c:151:77: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (strncmp(string_array_a[0],"sig",3)==0) { datatype=DT_SIGNED_SHORT; sprintf(type_string,"-short -signed ");}
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/minc2analyze.c:152:77: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
else { datatype=DT_UNSIGNED_CHAR; sprintf(type_string,"-byte ");}
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/minc2analyze.c:156:77: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (strncmp(string_array_a[0],"sig",3)!=0) { datatype=DT_SIGNED_INT; sprintf(type_string,"-long -signed ");}
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/minc2analyze.c:157:77: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
else { datatype=DT_SIGNED_SHORT; sprintf(type_string,"-short -signed ");}
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/minc2analyze.c:161:77: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (strncmp(string_array_a[0],"sig",3)==0) { datatype=DT_SIGNED_INT; sprintf(type_string,"-long -signed ");}
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/minc2analyze.c:162:77: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
else { datatype=DT_FLOAT; sprintf(type_string,"float ");}
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/minc2analyze.c:164:77: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (strncmp(string_array_a[1],"flo",3)==0) { datatype=DT_FLOAT; sprintf(type_string,"-float "); }
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/minc2analyze.c:176:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd2=fopen(string_a,"r");
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/minc2analyze.c:183:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
glmin=atoi(string_array_a[i-1]);
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/minc2analyze.c:184:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
glmax=atoi(string_array_a[i+1]);
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/minc2analyze.c:196:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd2=fopen(string_a,"r");
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/minc2analyze.c:206:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd2=fopen(string_a,"r");
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/minc2analyze.c:216:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd2=fopen(string_a,"r");
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/minc2analyze.c:226:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd2=fopen(string_a,"r");
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/minc2analyze.c:233:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd2=fopen(string_a,"r");
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/minc2analyze.c:255:4: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd=fopen(string_a,"r");
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/minc2analyze.c:269:5: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd2=fopen(string_a,"r");
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/minc2analyze.c:309:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bufferb+( ( i*z_dim_short*y_dim_short*x_dim_short +
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/minc2analyze.c:319:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffera,bufferb,bytepix*volumes*x_dim_short*y_dim_short*z_dim_short);
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/minc2analyze.c:338:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bufferb+( ( i*z_dim_short*y_dim_short*x_dim_short +
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/minc2analyze.c:348:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffera,bufferb,bytepix*volumes*x_dim_short*y_dim_short*z_dim_short);
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/minc2analyze.c:364:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bufferb+( ( i*z_dim_short*y_dim_short*x_dim_short +
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/minc2analyze.c:374:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffera,bufferb,bytepix*volumes*x_dim_short*y_dim_short*z_dim_short);
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/minc2analyze.c:402:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bufferb+( ( i*z_dim_short*y_dim_short*x_dim_short +
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/minc2analyze.c:410:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffera,bufferb,bytepix*volumes*x_dim_short*y_dim_short*z_dim_short);
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/minc2analyze.c:425:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bufferb+( ( i*z_dim_short*y_dim_short*x_dim_short +
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/minc2analyze.c:431:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffera,bufferb,bytepix*volumes*x_dim_short*y_dim_short*z_dim_short);
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/minc2analyze.c:438:4: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd=fopen(string_a,"w");
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/minc2analyze.c:447:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fd=fopen(string_a,"w"))==0)
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/minc2analyze.c:458:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(hdr.hk.data_type,"dsr ");
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/minc2analyze.c:483:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(hdr.dime.vox_units,"mm");
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/minc2analyze.c:546:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hdr.hist.originator,short_array_a,5*sizeof(short));
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/dcm2mnc.c:384:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char linebuf[1024];
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/dcm2mnc.c:433:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message, "Parsing %d files", num_files);
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/dcm2mnc.c:979:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pipe_output_name[256];
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/dcm2mnc.c:1011:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tst_str[DICM_MAGIC_SIZE+1];
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/dcm2mnc.c:1014:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(fullname, "rb")) == NULL) {
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/dcm2mnc.c:1034:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mfg_str[IMA_MAGIC_SIZE+1];
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/dcm2mnc.c:1037:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(fullname, "rb")) == NULL) {
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/dcm2mnc.c:1066:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(fullname, "rb")) == NULL) {
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/dcm2mnc.h:179:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef char string_t[511+1];
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/dicom_read.c:2035:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(gi_ptr->study.study_id, "%.6f",gi_ptr->study_id);
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/dicom_read.c:2041:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(gi_ptr->study.acquisition_id, "%d", gi_ptr->acq_id);
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/dicom_to_minc.c:222:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *World_Names[WORLD_NDIMS] = { "X", "Y", "Z" };
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/dicom_to_minc.c:223:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *Volume_Names[VOL_NDIMS] = { "Slice", "Row", "Column" };
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/dicom_to_minc.c:224:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *Mri_Names[MRI_NDIMS] = {"Slice", "Echo", "Time", "Phase", "ChmSh"};
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/dicom_to_minc.c:684:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(filename, "rb");
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/dicom_to_minc.c:770:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vr[4];
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/dicom_to_minc.c:773:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[64];
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/dicom_to_minc.c:774:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *value[MAXVM];
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/dicom_to_minc.c:863:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Acr_Double tmp = atoi(value[0]);
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/dicom_to_minc.c:878:39: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Acr_Double tmp2 = atoi("0");
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/dicom_to_minc.c:1024:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str_buf, "0x%lx", mode);
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/dicom_to_minc.c:1047:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str_buf, "0x%lx", mode);
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/dicom_to_minc.c:1331:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str_buf, "%d\\%d", fov, fov);
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/dicom_to_minc.c:1339:21: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str_buf, "%f\\%f", fov, fov);
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/dicom_to_minc.c:1351:36: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
(double)atol(str_buf));
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/dicom_to_minc.c:1362:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str_buf, "0x%x", mode);
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/dicom_to_minc.c:1635:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str_buf[128];
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/dicom_to_minc.c:1687:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str_buf, "%.15g\\%.15g\\%.15g", x, y, z);
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/dicom_to_minc.c:1706:21: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str_buf, "1\\0\\0\\0\\1\\0");
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/dicom_to_minc.c:1709:21: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str_buf, "0\\1\\0\\0\\0\\1");
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/dicom_to_minc.c:1712:21: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str_buf, "1\\0\\0\\0\\0\\1");
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/dicom_to_minc.c:1735:25: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str_buf, "%.15g\\%.15g",
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/dicom_to_minc.c:2457:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (str_tmp != NULL && atoi(str_tmp + 18) >= 25) {
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/dicom_to_minc.c:2462:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (str_tmp != NULL && atoi(str_tmp + 10) >= 25) {
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/dicom_to_minc.c:2467:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (str_tmp != NULL && atoi(str_tmp + 10) >= 11) {
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/dicom_to_minc.c:2630:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dircos[VCOLUMN], RowColVec, sizeof(*RowColVec) * WORLD_NDIMS);
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/dicom_to_minc.c:2631:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dircos[VROW], &RowColVec[3], sizeof(*RowColVec) * WORLD_NDIMS);
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/dicom_to_minc.c:2766:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str_buf[128];
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/dicom_to_minc.c:2792:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str_buf, "%.15g\\%.15g",
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/dicom_to_minc.c:2925:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(string, "%.15g\\%.15g\\%.15g",
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/dicom_to_minc.c:2959:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&new[new_offset], &old[old_offset], nbyte);
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/dicom_to_minc.c:3050:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dircos[VCOLUMN], RowColVec, sizeof(*RowColVec) * WORLD_NDIMS);
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/dicom_to_minc.c:3051:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dircos[VROW], &RowColVec[3], sizeof(*RowColVec) * WORLD_NDIMS);
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/dicom_to_minc.c:3217:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(string, "%.15g\\%.15g\\%.15g",
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/dicom_to_minc.c:3234:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_ptr, /* destination */
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/dicom_to_minc.h:117:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern const char *Mri_Names[MRI_NDIMS];
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/dicom_to_minc.h:122:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern const char *World_Names[WORLD_NDIMS];
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/dicom_to_minc.h:127:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern const char *Volume_Names[VOL_NDIMS];
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/minc_file.c:214:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scan_label[MRI_NDIMS][20];
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/minc_file.c:216:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *scan_prefix[MRI_NDIMS] = {"sl", "e", "d", "p", "cs"};
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/minc_file.c:217:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_str[1024];
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/minc_file.c:353:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp_name[1024];
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/minc_file.c:357:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char full_path[1024];
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/minc_file.c:388:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(general_info->study.acquisition_id, "%06d",
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/minc_file.c:401:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(full_path, ".mnc"); /* Always append the extension */
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/minc_file.c:621:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_NC_NAME];
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/minc_file.c:632:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *spatial_dimnames[WORLD_NDIMS] = {MIxspace, MIyspace, MIzspace};
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/minc_file.c:1044:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(name, "dicom_0x%04x", acr_get_group_group(cur_group));
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/minc_file.c:1053:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(name, "el_0x%04x",
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/minc_file.c:1071:28: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
FILE *fp = tmpfile();
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:97:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char y[N_ORIENTATION + 1]; /* up - down */
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:98:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char x[N_ORIENTATION + 1]; /* left - right */
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:99:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char z[N_ORIENTATION + 1]; /* back - front */
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:113:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pad1[8];
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:115:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Manufacturer[N_MANUFACTURER + 1]; /* 0070 0060 */
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:116:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char InstitutionName[N_STRING + 1]; /* 0080 0069 */
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:117:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char PhysicianName[N_STRING + 1]; /* 0090 0084 */
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:118:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char StationName[N_STRING + 1]; /* 1010 009F */
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:119:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char StudyDescription[N_STRING + 1]; /* 1030 00BA */
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:120:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pad2[N_STRING + 1];
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:121:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char AdmittingDiagnoses[N_DIAGNOSIS + 1]; /* 1080 00F0 */
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:122:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ModelName[N_STRING + 1]; /* 1090 0119 */
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:123:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pad3[76];
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:132:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char PatientName[N_STRING + 1]; /* 0010 0300 */
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:133:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char PatientID[N_PATIENTID + 1]; /* 0020 031B */
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:136:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char PatientBirthName[N_STRING + 1]; /* 1005 0338 */
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:137:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char PatientAge[N_AGE + 1]; /* 1010 0353 */
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:140:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pad1[156];
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:148:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pad1[8]; /* Dummy padding */
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:150:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pad2[8];
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:155:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pad3[4]; /* Dummy padding */
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:157:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pad4[4]; /* 0085 0640 */
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:160:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char SerialNumber[N_STRING + 1]; /* 1000 064C */
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:161:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char SoftwareVersion[N_SWVERSION + 1]; /* 1020 0667 */
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:162:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pad5[61]; /* Dummy padding */
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:165:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pad6[N_STRING + 1];
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:166:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ReceiveCoilName[N_STRING + 1]; /* 1250 06E7 */
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:167:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pad7[N_STRING + 1];
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:169:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ImagedNucleus[N_NUCLEUS + 1]; /* 0085 0724 */
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:170:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pad8[80]; /* Pad to 384 bytes */
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:179:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pad1[4]; /* */
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:183:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pad2[4]; /* Dummy padding */
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:187:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pad3[4];
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:189:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pad4[416]; /* Pad to 512 bytes */
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:200:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pad1[2];
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:202:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pad2[8];
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:211:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pad3[192]; /* Pad to 256 bytes */
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:221:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pad1[20]; /* Padding */
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:223:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pad2[140];
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:225:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pad3[4];
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:233:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pad4[116]; /* Dummy padding */
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:235:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pad5[316]; /* Dummy padding */
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:237:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pad6[631]; /* Dummy padding */
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:245:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pad1[32]; /* Dummy padding */
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:252:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pad3[8]; /* Dummy padding */
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:257:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char StudyName[N_STRING + 1]; /* 1180 0F40 */
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:260:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pad4[40]; /* XXXX 0F68 */
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:265:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pad5[4];
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:270:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pad7[88]; /* Dummy padding */
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:272:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pad9[32]; /* Dummy padding */
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:274:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pad10[4]; /* Dummy padding */
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:276:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pad11[829]; /* Padding */
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:360:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char PatientNumber[PATIENT_NUMBER_SIZE + 1]; /* Patient Id */
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:361:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char PatientSexAndAge[PATIENT_DATE_SIZE + 1]; /* Patient Sex, Patient Age */
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:362:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char PatientPosition[PATIENT_POSITION_SIZE + 1]; /* Patient Rest Direction, ... */
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:363:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ImageNumber[IMAGE_NUMBER_SIZE + 1]; /* Image */
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:364:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Label[LABEL_SIZE + 1]; /* Archiving Mark Mask, ... */
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:365:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char DateOfMeasurement[DATE_OF_MEASUREMENT_SIZE + 1]; /* Acquisition Date */
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:366:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char TimeOfMeasurement[TIME_OF_MEASUREMENT_SIZE + 1]; /* Acquisition Time */
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:367:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char TimeOfAcquisition[TIME_OF_ACQUISITION_SIZE + 1]; /* CT: Exposure Time MR:
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:369:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char NumberOfAcquisitions[NUMBER_OF_ACQUISITIONS_SIZE + 1]; /* Number of Averages */
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:370:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char CommentNo1[COMMENT_NO1_SIZE + 1]; /* Procedure Description */
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:371:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char CommentNo2[COMMENT_NO2_SIZE + 1];
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:372:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char InstallationName[INSTALLATION_NAME_SIZE + 1]; /* Institution ID */
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:373:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char SoftwareVersion[SOFTWARE_VERSION_SIZE + 1]; /* Software Version */
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:374:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Matrix[MATRIX_SIZE + 1]; /* Rows, Columns */
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:375:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char TypeOfMeasurement[TYPE_OF_MEASUREMENT_SIZE + 1]; /* Calculation Mode */
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:376:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ScanNumber[SCAN_NUMBER_SIZE + 1]; /* Acquisition */
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:377:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char RepetitionTime[REPETITION_TIME_SIZE + 1]; /* Repetition Time */
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:378:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char EchoTime[ECHO_TIME_SIZE + 1]; /* Echo Time */
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:379:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char GatingAndTrigger[GATING_AND_TRIGGER_SIZE + 1]; /* Signal Mask */
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:380:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char TubeCurrent[TUBE_CURRENT_SIZE + 1]; /* Exposure */
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:381:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char TubeVoltage[TUBE_VOLTAGE_SIZE + 1]; /* Generator Power */
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:382:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char SliceThickness[SLICE_THICKNESS_SIZE + 1]; /* Slice Thickness */
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:383:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char SlicePosition[SLICE_POSITION_SIZE + 1]; /* Image Distance */
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:384:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char SliceOrientationNo1[SLICE_ORIENTATION_NO1_SIZE + 1]; /* Image Position, ... */
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:385:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char SliceOrientationNo2[SLICE_ORIENTATION_NO2_SIZE + 1];
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:386:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char FieldOfView[FIELD_OF_VIEW_SIZE + 1]; /* Field of View */
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:387:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ZoomCenter[ZOOM_CENTER_SIZE + 1]; /* Target */
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:388:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char GantryTilt[GANTRY_TILT_SIZE + 1]; /* Gantry Tilt */
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:389:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char TablePosition[TABLE_POSITION_SIZE + 1]; /* Location */
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:390:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char MipHeadLine[MIP_HEADLINE_SIZE + 1]; /* <string> */
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:391:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char MipLine[MIP_LINE_SIZE + 1]; /* MIP x Row */
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:392:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char MipColumn[MIP_COLUMN_SIZE + 1]; /* MIP x Column */
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:393:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char MipSlice[MIP_SLICE_SIZE + 1]; /* MIP x Slice */
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:394:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char StudyNumber[STUDY_NUMBER_SIZE + 1]; /* Study */
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:395:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Contrast[CONTRAST_SIZE + 1]; /* Contrast Agent */
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:396:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char PatientBirthdate[PATIENT_BIRTHDATE_SIZE + 1]; /* Patient Birthday */
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:397:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char SequenceInformation[SEQUENCE_INFO_SIZE + 1]; /* Sequence File Owner, ... */
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:398:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char SaturationRegions[SATURATION_REGIONS_SIZE + 1]; /* Saturation Regions, ... */
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:399:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char DataSetId[DATA_SET_ID_SIZE + 1]; /* Image, Study */
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:400:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char MagnificationFactor[MAGNIFICATION_FACTOR_SIZE + 1]; /* Image Maginification Factor */
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:401:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ManufacturerModel[MANUFACTURER_MODEL_SIZE + 1]; /* Manufacturer Model */
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:402:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char PatientName[PATIENT_NAME_SIZE + 1]; /* Patient Name */
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:403:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char TimeOfScanning[TIME_OF_SCANNING_SIZE + 1]; /* Acquisition Time */
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:408:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char PatientID[12+1]; /* 5504 */
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:409:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char PatientSex[1]; /* 5517 */
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:410:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char PatientAge[3]; /* 5518 */
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:411:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char PatientAgeUnits[1]; /* 5521 */
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:412:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pad1[7]; /* 5522 */
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:413:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char PatientPosition[12]; /* 5529 */
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:414:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ImageNumberFlag[5]; /* 5541 */
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:415:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ImageNumber[3]; /* 5546 */
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:416:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pad2[10]; /* 5551 */
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:417:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Date[11+1]; /* 5559 */
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:418:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Time[5+1]; /* 5571 */
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:419:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char AcquisitionTimeFlag[6]; /* 5577 */
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:420:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char AcquisitionTime[5+1]; /* 5583 */
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:421:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char AcquisitionCountFlag[6]; /* 5589 */
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:422:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char AcquisitionCount[5+1]; /* 5595 */
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:423:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Annotation[27]; /* 5601 */
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:424:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char AdmittingDiagnosis[27]; /* 5628 */
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:425:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Organization[27]; /* 5655 */
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:426:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Station[12]; /* 5682 */
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:427:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char AcquisitionMatrixPhase[3]; /* 5695 */
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:428:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char AcquisitionMatrixPhaseAxis[1];
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:429:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char AcquisitionMatrixFreq[3];
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:430:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char AcquisitionMatrixFreq0[1];
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:431:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char AcquisitionMatrixFreqS[1];
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:432:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Sequence[8];
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:433:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char FlipAngle[3];
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:434:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ScanNumberFlag[4];
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:435:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ScanNumberA[3];
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:436:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ScanNumberB[3];
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:437:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char RepetitionTimeFlag[2];
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:438:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char RepetitionTime[7];
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:439:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char EchoTimeFlag[2];
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:440:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char EchoTime[5];
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:441:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char EchoNumber[1];
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:442:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char SliceThicknessFlag[2];
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:443:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char SliceThickness[7];
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:444:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char SlicePositionFlag[2];
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:445:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char SlicePosition[7];
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:446:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char AngleFlag1[3];
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:447:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char AngleFlag2[1];
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:448:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char AngleFlag3[3];
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:449:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Angle[4];
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:450:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char FOVFlag[3];
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:451:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char FOVH[3];
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:452:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char FOVV[3];
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:453:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char TablePositionFlag[2];
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:454:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char TablePosition[7];
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:455:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char StudyNumberFlag[5];
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:456:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char StudyNumber[2];
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:457:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char DOBDD[2];
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:458:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char DOBMM[3];
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:459:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char DOBYYYY[4];
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:460:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char StudyNumberFlag2[3];
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:461:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ImageNumberFlag2[3];
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:462:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char StudyNumber2[2];
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:463:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ImageNumber2[2];
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:464:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char StudyImageNumber3[5];
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:465:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ModelName[15];
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:466:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char PatientName[27]; /* 6058 */
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:467:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ScanStartTimeHH[3]; /* 6085 */
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:468:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ScanStartTimeMM[3]; /* 6088 */
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:469:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ScanStartTimeSS[3]; /* 6091 */
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:478:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char G09[0x0180]; /* 0x0180 - Siemens specific */
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:480:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char G11[0x0080]; /* 0x0400 - Siemens specific */
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:481:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char G13[0x0180]; /* 0x0480 - Siemens specific */
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_header_defs.h:487:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char G29[0x0100]; /* 0x1480 - Siemens specific */
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_to_dicom.c:198:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(filename, "rb")) == NULL) {
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_to_dicom.c:427:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(string, "%.15g\\%.15g\\%.15g\\%.15g\\%.15g\\%.15g",
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_to_dicom.c:478:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(string, "%.15g\\%.15g\\%.15g", coord[0], -coord[1], -coord[2]);
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_to_dicom.c:507:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(string, "%.15g\\%.15g", pixel_spacing[0], pixel_spacing[1]);
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_to_dicom.c:625:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(string, "%04d%02d%02d", (int) year, (int) month, (int) day);
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_to_dicom.c:658:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(string, "%02d%02d%02d.%03d", (int) hour, (int) minute,
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_to_dicom.c:723:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(string, data, 4);
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_to_dicom.c:790:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(string, "%.15g\\%.15g", row, col);
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_to_dicom.c:811:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(string, "%g\\%g", (double)x, (double)y);
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_to_dicom.c:830:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(string, "%.15g\\%.15g\\%.15g", x, y, z);
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_to_dicom.c:947:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char y[N_ORIENTATION + 1];
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_to_dicom.c:948:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char x[N_ORIENTATION + 1];
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_to_dicom.c:949:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char z[N_ORIENTATION + 1];
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/siemens_to_dicom.c:974:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(string, "%.15g\\%.15g", height, width);
data/minc-tools-2.3.00+dfsg/conversion/dicomserver/dicomserver.c:126:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char exit_string[256];
data/minc-tools-2.3.00+dfsg/conversion/dicomserver/dicomserver.c:130:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file_prefix[256] = "dicomserver";
data/minc-tools-2.3.00+dfsg/conversion/dicomserver/dicomserver.c:134:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char last_file_name[256];
data/minc-tools-2.3.00+dfsg/conversion/dicomserver/dicomserver.c:136:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char logfilename[256];
data/minc-tools-2.3.00+dfsg/conversion/dicomserver/dicomserver.c:178:14: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void) sprintf(logfilename, "dicomserver-%d.log",
data/minc-tools-2.3.00+dfsg/conversion/dicomserver/dicomserver.c:223:14: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
(void) strcat(file_prefix, "/dicom");
data/minc-tools-2.3.00+dfsg/conversion/dicomserver/dicomserver.c:576:14: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void) sprintf(exit_string, "Finished transfer.");
data/minc-tools-2.3.00+dfsg/conversion/dicomserver/dicomserver.c:591:24: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fptemp = fopen(SYSTEM_LOG, "w")) != NULL) {
data/minc-tools-2.3.00+dfsg/conversion/dicomserver/minc_file.c:83:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char temp_name[256];
data/minc-tools-2.3.00+dfsg/conversion/dicomserver/minc_file.c:84:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char patient_name[256];
data/minc-tools-2.3.00+dfsg/conversion/dicomserver/minc_file.c:89:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scan_label[MRI_NDIMS][20];
data/minc-tools-2.3.00+dfsg/conversion/dicomserver/minc_file.c:92:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *scan_prefix[MRI_NDIMS] =
data/minc-tools-2.3.00+dfsg/conversion/dicomserver/minc_file.c:107:17: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
(void) strcpy(patient_name, "unknown");
data/minc-tools-2.3.00+dfsg/conversion/dicomserver/minc_file.c:200:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_NC_NAME];
data/minc-tools-2.3.00+dfsg/conversion/dicomserver/minc_file.c:214:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *spatial_dimnames[WORLD_NDIMS] = {MIxspace, MIyspace, MIzspace};
data/minc-tools-2.3.00+dfsg/conversion/dicomserver/minc_file.c:433:14: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void) sprintf(name, "dicom_0x%04x", acr_get_group_group(cur_group));
data/minc-tools-2.3.00+dfsg/conversion/dicomserver/minc_file.c:442:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void) sprintf(name, "el_0x%04x",
data/minc-tools-2.3.00+dfsg/conversion/dicomserver/project_file.c:74:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char project_string[256];
data/minc-tools-2.3.00+dfsg/conversion/dicomserver/project_file.c:75:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output_default_file[256];
data/minc-tools-2.3.00+dfsg/conversion/dicomserver/project_file.c:76:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp_file_prefix[256];
data/minc-tools-2.3.00+dfsg/conversion/dicomserver/project_file.c:78:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp_command_line[4];
data/minc-tools-2.3.00+dfsg/conversion/dicomserver/project_file.c:82:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[512];
data/minc-tools-2.3.00+dfsg/conversion/dicomserver/project_file.c:125:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp=fopen(output_default_file, "r")) == NULL) {
data/minc-tools-2.3.00+dfsg/conversion/dicomserver/save_transferred_object.c:59:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp_name[256];
data/minc-tools-2.3.00+dfsg/conversion/dicomserver/save_transferred_object.c:60:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char patient_name[256];
data/minc-tools-2.3.00+dfsg/conversion/dicomserver/save_transferred_object.c:97:14: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
(void) strcpy(patient_name, "unknown");
data/minc-tools-2.3.00+dfsg/conversion/dicomserver/save_transferred_object.c:110:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(temp_name, "w");
data/minc-tools-2.3.00+dfsg/conversion/dicomserver/siemens_dicom_read.c:665:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void) sprintf(general_info->study.study_id, "%d", general_info->study_id);
data/minc-tools-2.3.00+dfsg/conversion/dicomserver/siemens_dicom_read.c:666:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void) sprintf(general_info->study.acquisition_id, "%d_%d",
data/minc-tools-2.3.00+dfsg/conversion/dicomserver/siemens_dicom_to_minc.c:204:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(filename, "r");
data/minc-tools-2.3.00+dfsg/conversion/dicomserver/siemens_dicom_to_minc.h:67:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef char Cstring[256];
data/minc-tools-2.3.00+dfsg/conversion/dicomserver/use_the_files.c:85:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file_prefix[256];
data/minc-tools-2.3.00+dfsg/conversion/dicomserver/use_the_files.c:87:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char command_line[512];
data/minc-tools-2.3.00+dfsg/conversion/dicomserver/use_the_files.c:88:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[512];
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dcm2mnc.c:66:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char command_line[512];
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dcm2mnc.c:82:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char IdStr[512];
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dcm2mnc.c:84:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Name[512];
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dcm2mnc.c:114:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char last_file_name[256]; // delete?
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dcm2mnc.c:122:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char OutDir[128];
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dcm2mnc.c:127:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char model_name[256];
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dcm2mnc.c:128:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char patient_name[256];
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dcm2mnc.c:129:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char patient_id[256];
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dcm2mnc.c:130:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char reg_time[256];
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dcm2mnc.c:131:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char reg_date[256];
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dcm2mnc.c:132:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char out_dir[256];
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dcm2mnc.c:133:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp_name[256];
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dcm2mnc.c:135:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char file_prefix_string[L_tmpnam+1] = "dicomserver";
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dcm2mnc.c:183:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Do_logging = atoi(argv[ix]);
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dcm2mnc.c:285:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dicm_test_string[5];
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dcm2mnc.c:287:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fptemp = fopen(file_list[ifile], "r");
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dcm2mnc.c:312:17: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
(void) strcpy(model_name, "unknown");
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dcm2mnc.c:353:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[20];
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dcm2mnc.c:354:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message,"Parsing %d files",num_files);
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dcm2mnc.c:382:17: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
(void) strcpy(patient_name, "unknown");
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dcm2mnc.c:393:17: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
(void) strcpy(patient_id, "unknown");
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dcm2mnc.c:404:17: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
(void) strcpy(patient_id, "unknown");
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dcm2mnc.c:415:17: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
(void) strcpy(patient_id, "unknown");
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dcm2mnc.c:421:8: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(temp_name,"/software/source/dicomserver_test/conversion/dicomserver/dicom_to_minc");
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dcm2mnc.c:424:8: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(temp_name, "/data/fmri/transfer/images/leili");
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dcm2mnc.c:425:8: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(temp_name,"/.");
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dcm2mnc.c:427:8: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(temp_name,"-compress");
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dcm2mnc.c:429:8: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(temp_name,"-inputdir");
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dcm2mnc.c:432:8: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(temp_name, "/software/source/dicomserver_test/conversion/dicomserver/dicom_data/Numaris_3/IMAS");
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dcm2mnc.c:433:8: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(temp_name,"/.");
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dcm2mnc2.c:65:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char command_line[512];
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dcm2mnc2.c:81:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char IdStr[512];
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dcm2mnc2.c:83:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Name[512];
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dcm2mnc2.c:113:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char last_file_name[256]; // delete?
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dcm2mnc2.c:121:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char OutDir[128];
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dcm2mnc2.c:152:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Do_logging = atoi(argv[ix]);
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dcm2mnc2.c:252:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dicm_test_string[5];
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dcm2mnc2.c:254:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fptemp = fopen(file_list[ifile], "r");
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dcm2mnc2.c:298:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[20];
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dcm2mnc2.c:299:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message,"Parsing %d files",num_files);
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dicomreader.c:81:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char last_file_name[256]; // delete?
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dicomreader.c:90:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char OutDir[128];
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dicomreader.c:119:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Do_logging = atoi(argv[ix]);
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dicomreader.c:158:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dicm_test_string[5];
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dicomreader.c:160:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fptemp = fopen(file_list[ifile], "r");
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dicomreader.c:206:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[20];
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dicomreader.c:207:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message,"Parsing %d files",num_files);
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dicomserver-nondebug.c:166:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char exit_string[256];
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dicomserver-nondebug.c:170:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char file_prefix_string[L_tmpnam+1] = "dicomserver";
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dicomserver-nondebug.c:177:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char last_file_name[256];
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dicomserver-nondebug.c:179:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char logfilename[256];
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dicomserver-nondebug.c:192:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char OutDir[128];
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dicomserver-nondebug.c:232:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Do_logging = atoi(argv[ix]);
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dicomserver-nondebug.c:252:14: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void) sprintf(logfilename, "/data/fmri/transfer/logs/dicomserver-%d.log",
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dicomserver-nondebug.c:257:14: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void) sprintf(logfilename, "/dev/null");
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dicomserver-nondebug.c:792:14: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void) sprintf(exit_string, "Finished transfer.");
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dicomserver-nondebug.c:809:24: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fptemp = fopen(SYSTEM_LOG, "w")) != NULL) {
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dicomserver-nondebug2.c:169:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char exit_string[256];
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dicomserver-nondebug2.c:173:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char file_prefix_string[L_tmpnam+1] = "dicomserver";
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dicomserver-nondebug2.c:178:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char last_file_name[256];
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dicomserver-nondebug2.c:180:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char logfilename[256];
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dicomserver-nondebug2.c:193:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char OutDir[128];
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dicomserver-nondebug2.c:198:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char model_name[256];
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dicomserver-nondebug2.c:199:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char patient_name[256];
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dicomserver-nondebug2.c:200:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char patient_id[256];
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dicomserver-nondebug2.c:201:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char reg_time[256];
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dicomserver-nondebug2.c:202:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char reg_date[256];
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dicomserver-nondebug2.c:203:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char out_dir[256];
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dicomserver-nondebug2.c:204:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp_name[256];
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dicomserver-nondebug2.c:245:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Do_logging = atoi(argv[ix]);
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dicomserver-nondebug2.c:265:14: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void) sprintf(logfilename, "dicomserver-%d.log",
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dicomserver-nondebug2.c:270:14: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void) sprintf(logfilename, "/dev/null");
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dicomserver-nondebug2.c:350:12: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
(void) strcat(file_prefix, "/dicom");
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dicomserver-nondebug2.c:689:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dicm_test_string[5];
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dicomserver-nondebug2.c:690:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fptemp = fopen(file_list[ifile], "r");
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dicomserver-nondebug2.c:715:17: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
(void) strcpy(model_name, "unknown");
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dicomserver-nondebug2.c:764:8: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(out_dir, "/data/fmri/transfer/images/");
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dicomserver-nondebug2.c:765:15: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void) sprintf(out_dir,"/data/fmri/transfer/images/MagnetomVision_%f",file_info_list[0]->study_id);
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dicomserver-nondebug2.c:777:18: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
(void) strcpy(patient_name, "unknown");
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dicomserver-nondebug2.c:788:19: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
(void) strcpy(patient_id, "unknown");
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dicomserver-nondebug2.c:799:19: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
(void) strcpy(reg_date, "unknown");
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dicomserver-nondebug2.c:809:19: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
(void) strcpy(reg_time, "unknown");
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dicomserver-nondebug2.c:818:8: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(temp_name,"/software/source/dicomserver_test/conversion/dicomserver/dicom_to_minc");
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dicomserver-nondebug2.c:824:8: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(temp_name,"-compress");
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dicomserver-nondebug2.c:826:8: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(temp_name,"-inputdir");
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dicomserver-nondebug2.c:946:14: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void) sprintf(exit_string, "Finished transfer.");
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dicomserver-nondebug2.c:963:24: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fptemp = fopen(SYSTEM_LOG, "w")) != NULL) {
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dicomserver.h:149:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sequence_name[256];
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dicomserver.h:150:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char protocol_name[256];
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/minc_file.c:94:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char IdStr[512];
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/minc_file.c:96:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Name[512];
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/minc_file.c:132:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char temp_name[256];
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/minc_file.c:133:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char patient_name[256];
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/minc_file.c:134:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char patient_id[256];
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/minc_file.c:135:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scanner_model[256];
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/minc_file.c:136:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char serial_no[256];
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/minc_file.c:137:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char reg_time[256];
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/minc_file.c:138:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp_str[256];
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/minc_file.c:144:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scan_label[MRI_NDIMS][20];
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/minc_file.c:148:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char full_path[256];
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/minc_file.c:151:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *scan_prefix[MRI_NDIMS] =
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/minc_file.c:174:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
(void) strcpy(patient_name, "no_name");
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/minc_file.c:220:17: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
(void) strcpy(reg_time, "no_time");
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/minc_file.c:256:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void) sprintf(general_info->study.acquisition_id, "%06d",
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/minc_file.c:367:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_NC_NAME];
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/minc_file.c:384:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *spatial_dimnames[WORLD_NDIMS] = {MIxspace, MIyspace, MIzspace};
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/minc_file.c:826:14: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void) sprintf(name, "dicom_0x%04x", acr_get_group_group(cur_group));
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/minc_file.c:835:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void) sprintf(name, "el_0x%04x",
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/modify_group_list.c:9:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[256];
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/modify_group_list.c:76:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dircos[VCOLUMN],RowColVec,sizeof(RowColVec[0])*3);
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/modify_group_list.c:77:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dircos[VROW],&RowColVec[3],sizeof(RowColVec[0])*3);
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/modify_group_list.c:106:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void) sprintf(string, "%.15g\\%.15g\\%.15g",position[0], position[1], position[2]);
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/parse_dicom_groups.c:40:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char patient_name[256];
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/project_file.c:79:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char project_string[256];
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/project_file.c:80:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output_default_file[256];
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/project_file.c:81:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp_file_prefix[256];
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/project_file.c:83:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp_command_line[4];
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/project_file.c:87:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[512];
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/project_file.c:130:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp=fopen(output_default_file, "r")) == NULL) {
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/save_transferred_object.c:73:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp_name[256];
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/save_transferred_object.c:74:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char patient_name[256];
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/save_transferred_object.c:84:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char full_path[256];
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/save_transferred_object.c:131:14: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
(void) strcpy(patient_name, "unknown");
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/save_transferred_object.c:157:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(temp_name, "w");
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_dicom_read.c:621:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dircos[VCOLUMN],RowColVec,sizeof(RowColVec[0])*3);
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_dicom_read.c:622:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dircos[VROW],&RowColVec[3],sizeof(RowColVec[0])*3);
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_dicom_read.c:939:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void) sprintf(general_info->study.study_id, "%.6f",general_info->study_id);
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_dicom_read.c:944:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void) sprintf(general_info->study.acquisition_id, "%d",
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_dicom_read.c:1072:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
(void) strcpy(general_info->acq.MrProt, "disabled");
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_dicom_send.c:296:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char abs_frame_time_hms[100];
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_dicom_send.c:322:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
patient_number = atoi(argv[iarg++]);
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_dicom_send.c:323:48: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
first_image = ((argc < needed_args+1) ? 0 : atoi(argv[iarg++]));
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_dicom_send.c:324:53: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
last_image = ((argc < needed_args+2) ? INT_MAX : atoi(argv[iarg++]));
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_dicom_send.c:568:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(abs_frame_time_hms,"%02.0f%02.0f%06.3f",
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_dicom_send.c:1156:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[256];
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_dicom_send.c:1257:14: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void) sprintf(string, "%.15g\\%.15g",
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_dicom_send.c:1325:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[256];
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_dicom_send.c:1376:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void) sprintf(string, "%.15g\\%.15g\\%.15g",
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_dicom_to_minc.c:386:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(filename, "r");
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_dicom_to_minc.c:460:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(filename, "r");
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_dicom_to_minc.c:522:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
atoi((char*)prot_find_string(Protocol,"lRepetitions"))+1);
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_dicom_to_minc.c:526:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
atoi((char*)prot_find_string(Protocol,"lContrasts")));
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_dicom_to_minc.c:537:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
num_slices = atoi((char*)prot_find_string(Protocol,"sSliceArray.lSize"));
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_dicom_to_minc.c:539:6: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
atoi((char*)prot_find_string(Protocol,"sKSpace.lPartitions"));
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_dicom_to_minc.c:667:4: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
atoi((char*)prot_find_string(Protocol,
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_dicom_to_minc.c:690:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
enc_ix = atoi(field_ptr+sizeof(char));
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_dicom_to_minc.c:713:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
enc_ix = atoi(field_ptr+sizeof(char));
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_dicom_to_minc.c:913:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char FieldName[512];
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_dicom_to_minc.c:914:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Separator[512];
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_dicom_to_minc.c:915:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char FieldValue[512];
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_dicom_to_minc.c:1018:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[256];
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_dicom_to_minc.c:1114:15: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void) sprintf(string, "%.15g\\%.15g",
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_dicom_to_minc.c:1130:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dircos[VCOLUMN],RowColVec,sizeof(RowColVec[0])*3);
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_dicom_to_minc.c:1131:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dircos[VROW],&RowColVec[3],sizeof(RowColVec[0])*3);
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_dicom_to_minc.c:1204:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[256];
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_dicom_to_minc.c:1258:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void) sprintf(string, "%.15g\\%.15g\\%.15g",
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_dicom_to_minc.h:91:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef char Cstring[256];
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_dicom_to_minc.h:197:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char phase_enc_dir[16];
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_dicom_to_minc.h:198:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mr_acq_type[16];
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_dicom_to_minc.h:199:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char image_type[128];
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/STC_Common_Status.h:187:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char log[__STC_PACS_NODE_LOG_LEN+1]; /* logical name */
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/STC_Common_Status.h:190:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char phys[__STC_PACS_NODE_PHYS_LEN+1]; /* physical name */
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/STC_Common_Status.h:329:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char version[__STC_INFO_VERSION_LEN+1];
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/STC_Common_Status.h:335:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char space[__STC_BASIC_DATA_LEN -
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/STC_Common_Status.h:398:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char space [__STC_BASIC_DATA_LEN]; /* 8 blocks for map */
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_head_acr_groups_types.h:30:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Manufacturer[LENGTH_MANUFACTURER + 1]; /* (0008,0070) 8 AT FF 2NS-NEM */
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_head_acr_groups_types.h:31:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char InstitutionID[LENGTH_LABEL + 1]; /* (0008,0080) 26 AT FF 2NS-NEM */
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_head_acr_groups_types.h:32:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ReferringPhysician[LENGTH_LABEL + 1]; /* (0008,0090) 26 AT FF 2NS-NEM */
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_head_acr_groups_types.h:33:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char StationID[LENGTH_LABEL + 1]; /* (0008,1010) 26 AT FF 2NS-NEM */
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_head_acr_groups_types.h:34:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ProcedureDescription_1[LENGTH_COMMENT + 1]; /* (0008,1030) 52 AT FF 2DS-CMS */
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_head_acr_groups_types.h:35:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ProcedureDescription_2[LENGTH_COMMENT + 1];
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_head_acr_groups_types.h:36:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char AdmittingDiagnosis[LENGTH_DIAGNOSIS + 1]; /* (0008,1080) 40 AT FF 2DS-CMS */
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_head_acr_groups_types.h:37:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ManufacturerModel[LENGTH_LABEL + 1]; /* (0008,1090) 26 AT FF 2DS-CMS */
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_head_acr_groups_types.h:47:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char PatientName[LENGTH_LABEL + 1]; /* (0010,0010) 26 AT FF 2NS-NEM */
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_head_acr_groups_types.h:48:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char PatientId[LENGTH_PATIENT_ID + 1]; /* (0010,0020) 12 AT FF 2NS-NEM */
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_head_acr_groups_types.h:51:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char PatientMaidenName[LENGTH_LABEL + 1]; /* (0010,1005) 26 AT FF 2DS-CMS */
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_head_acr_groups_types.h:52:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char PatientAge[LENGTH_AGE + 1]; /* (0010,1010) 4 AT DF 2NS-CMS */
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_head_acr_groups_types.h:79:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char DeviceSerialNumber[LENGTH_LABEL + 1]; /* (0018,1000) 26 AT FF 2DS-CMS */
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_head_acr_groups_types.h:80:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char SoftwareVersion[LENGTH_SOFTWARE_VERSION + 1]; /* (0018,1020) 8 AT FF 2DS-CMS */
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_head_acr_groups_types.h:88:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char FilterIdLabel[LENGTH_FILTER_ID + 1]; /* (0018,1160) 12 AT FF 3NS-NEM */
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_head_acr_groups_types.h:94:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ConvolutionKernel[LENGTH_LABEL + 1]; /* (0018,1210) 12 AT DF 3NS-NEM */
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_head_acr_groups_types.h:95:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ReceivingCoil[LENGTH_LABEL + 1]; /* (0018,1250) 26 AT FF 2DS-CMS */
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_head_acr_groups_types.h:96:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Gap1251[LENGTH_LABEL + 1];
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_head_acr_groups_types.h:98:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ImagedNucleus[LENGTH_NUCLEUS + 1]; /* (0018,0085) 8 AT FF 2NS-NEM */
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_head_basic_types.h:243:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char gap[LENGTH_LABEL + 1];
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_head_basic_types.h:244:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char PatientName[LENGTH_LABEL + 1];
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_head_basic_types.h:245:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char PatientId[LENGTH_LABEL + 1];
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_head_basic_types.h:358:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Y[LENGTH_ORIENTATION + 1]; /* up - down */
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_head_basic_types.h:359:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char X[LENGTH_ORIENTATION + 1]; /* left - right */
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_head_basic_types.h:360:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Z[LENGTH_ORIENTATION + 1]; /* back - front */
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_head_image_text_type.h:149:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char PatientNumber[DS_PATIENT_NUMBER_SIZE + 1]; /* -> Patient Id */
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_head_image_text_type.h:150:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char PatientSexAndAge[DS_PATIENT_DATE_SIZE + 1]; /* -> Patient Sex, Patient Age */
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_head_image_text_type.h:151:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char PatientPosition[DS_PATIENT_POSITION_SIZE + 1]; /* -> Patient Rest Direction, ... */
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_head_image_text_type.h:152:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ImageNumber[DS_IMAGE_NUMBER_SIZE + 1]; /* -> Image */
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_head_image_text_type.h:153:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Label[DS_LABEL_SIZE + 1]; /* -> Archiving Mark Mask, ... */
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_head_image_text_type.h:154:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char DateOfMeasurement[DS_DATE_OF_MEASUREMENT_SIZE + 1]; /* -> Acquisition Date */
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_head_image_text_type.h:155:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char TimeOfMeasurement[DS_TIME_OF_MEASUREMENT_SIZE + 1]; /* -> Acquisition Time */
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_head_image_text_type.h:156:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char TimeOfAcquisition[DS_TIME_OF_ACQUISITION_SIZE + 1]; /* -> CT: Exposure Time -> MR:
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_head_image_text_type.h:158:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char NumberOfAcquisitions[DS_NUMBER_OF_ACQUISITIONS_SIZE + 1]; /* -> Number of Averages */
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_head_image_text_type.h:159:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char CommentNo1[DS_COMMENT_NO1_SIZE + 1]; /* -> Procedure Description */
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_head_image_text_type.h:160:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char CommentNo2[DS_COMMENT_NO2_SIZE + 1];
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_head_image_text_type.h:161:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char InstallationName[DS_INSTALLATION_NAME_SIZE + 1]; /* -> Institution ID */
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_head_image_text_type.h:162:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char SoftwareVersion[DS_SOFTWARE_VERSION_SIZE + 1]; /* -> Software Version */
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_head_image_text_type.h:163:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Matrix[DS_MATRIX_SIZE + 1]; /* -> Rows, Columns */
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_head_image_text_type.h:164:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char TypeOfMeasurement[DS_TYPE_OF_MEASUREMENT_SIZE + 1]; /* -> Calculation Mode */
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_head_image_text_type.h:165:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ScanNumber[DS_SCAN_NUMBER_SIZE + 1]; /* -> Acquisition */
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_head_image_text_type.h:166:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char RepetitionTime[DS_REPETITION_TIME_SIZE + 1]; /* -> Repetition Time */
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_head_image_text_type.h:167:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char EchoTime[DS_ECHO_TIME_SIZE + 1]; /* -> Echo Time */
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_head_image_text_type.h:168:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char GatingAndTrigger[DS_GATING_AND_TRIGGER_SIZE + 1]; /* -> Signal Mask */
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_head_image_text_type.h:169:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char TubeCurrent[DS_TUBE_CURRENT_SIZE + 1]; /* -> Exposure */
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_head_image_text_type.h:170:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char TubeVoltage[DS_TUBE_VOLTAGE_SIZE + 1]; /* -> Generator Power */
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_head_image_text_type.h:171:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char SliceThickness[DS_SLICE_THICKNESS_SIZE + 1]; /* -> Slice Thickness */
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_head_image_text_type.h:172:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char SlicePosition[DS_SLICE_POSITION_SIZE + 1]; /* -> Image Distance */
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_head_image_text_type.h:173:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char SliceOrientationNo1[DS_SLICE_ORIENTATION_NO1_SIZE + 1]; /* -> Image Position, ... */
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_head_image_text_type.h:174:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char SliceOrientationNo2[DS_SLICE_ORIENTATION_NO2_SIZE + 1];
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_head_image_text_type.h:175:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char FieldOfView[DS_FIELD_OF_VIEW_SIZE + 1]; /* -> Field of View */
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_head_image_text_type.h:176:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ZoomCenter[DS_ZOOM_CENTER_SIZE + 1]; /* -> Target */
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_head_image_text_type.h:177:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char GantryTilt[DS_GANTRY_TILT_SIZE + 1]; /* -> Gantry Tilt */
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_head_image_text_type.h:178:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char TablePosition[DS_TABLE_POSITION_SIZE + 1]; /* -> Location */
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_head_image_text_type.h:179:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char MipHeadLine[DS_MIP_HEADLINE_SIZE + 1]; /* -> <string> */
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_head_image_text_type.h:180:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char MipLine[DS_MIP_LINE_SIZE + 1]; /* -> MIP x Row */
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_head_image_text_type.h:181:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char MipColumn[DS_MIP_COLUMN_SIZE + 1]; /* -> MIP x Column */
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_head_image_text_type.h:182:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char MipSlice[DS_MIP_SLICE_SIZE + 1]; /* -> MIP x Slice */
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_head_image_text_type.h:183:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char StudyNumber[DS_STUDY_NUMBER_SIZE + 1]; /* -> Study */
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_head_image_text_type.h:184:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Contrast[DS_CONTRAST_SIZE + 1]; /* -> Contrast Agent */
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_head_image_text_type.h:185:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char PatientBirthdate[DS_PATIENT_BIRTHDATE_SIZE + 1]; /* -> Patient Birthday */
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_head_image_text_type.h:186:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char SequenceInformation[DS_SEQUENCE_INFO_SIZE + 1]; /* -> Sequence File Owner, ... */
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_head_image_text_type.h:187:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char SaturationRegions[DS_SATURATION_REGIONS_SIZE + 1]; /* -> Saturation Regions, ... */
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_head_image_text_type.h:188:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char DataSetId[DS_DATA_SET_ID_SIZE + 1]; /* -> Image, Study */
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_head_image_text_type.h:189:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char MagnificationFactor[DS_MAGNIFICATION_FACTOR_SIZE + 1]; /* -> Image Maginification Factor */
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_head_image_text_type.h:190:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ManufacturerModel[DS_MANUFACTURER_MODEL_SIZE + 1]; /* -> Manufacturer Model */
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_head_image_text_type.h:191:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char PatientName[DS_PATIENT_NAME_SIZE + 1]; /* -> Patient Name */
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_head_image_text_type.h:192:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char TimeOfScanning[DS_TIME_OF_SCANNING_SIZE + 1]; /* -> Acquisition Time */
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_head_shadow_groups_types.h:29:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char GeneratorIdentificationLabel[LENGTH_LABEL + 1]; /* (0009,1310) 26 AT DF 2DS-CMS */
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_head_shadow_groups_types.h:30:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char GantryIdentificationLabel[LENGTH_LABEL + 1]; /* (0009,1311) 26 AT DF 2DS-CMS */
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_head_shadow_groups_types.h:31:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char XRayTubeIdentificationLabel[LENGTH_LABEL + 1]; /* (0009,1312) 26 AT DF 2DS-CMS */
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_head_shadow_groups_types.h:32:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char DetectorIdentificationLabel[LENGTH_LABEL + 1]; /* (0009,1313) 26 AT DF 2DS-CMS */
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_head_shadow_groups_types.h:33:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char DASIdentificationLabel[LENGTH_LABEL + 1]; /* (0009,1314) 26 AT DF 2DS-CMS */
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_head_shadow_groups_types.h:34:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char SMIIdentificationLabel[LENGTH_LABEL + 1]; /* (0009,1315) 26 AT DF 2DS-CMS */
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_head_shadow_groups_types.h:35:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char CPUIdentificationLabel[LENGTH_LABEL + 1]; /* (0009,1316) 26 AT DF 2DS-CMS */
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_head_shadow_groups_types.h:36:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char HeaderVersion[LENGTH_HEADER_VERSION + 1]; /* (0009,1320) 8 AT DF 2DS-CMS */
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_head_shadow_groups_types.h:47:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Organ[LENGTH_LABEL + 1]; /* (0011,1010) 26 AT FF 3NS-SPI */
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_head_shadow_groups_types.h:62:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ModifyingPhysician[LENGTH_LABEL + 1]; /* (0013,1000) 26 AT FF 2NS-CMS */
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_head_shadow_groups_types.h:65:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char PatientName[LENGTH_LABEL + 1]; /* (0013,1020) 26 AT FF 3NS-CMS */
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_head_shadow_groups_types.h:66:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char PatientId[LENGTH_PATIENT_ID + 1]; /* (0013,1022) 12 AT FF 3NS-CMS */
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_head_shadow_groups_types.h:69:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char PatientMaidenName[LENGTH_LABEL + 1]; /* (0013,1032) 26 AT FF 3NS-CMS */
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_head_shadow_groups_types.h:70:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ReferringPhysician[LENGTH_LABEL + 1]; /* (0013,1033) 26 AT FF 3NS-CMS */
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_head_shadow_groups_types.h:71:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char AdmittingDiagnosis[LENGTH_DIAGNOSIS + 1]; /* (0013,1034) 40 AT FF 3DS-CMS */
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_head_shadow_groups_types.h:73:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ProcedureDescription_1[LENGTH_COMMENT + 1]; /* (0013,1040) 52 AT FF 3NS-CMS */
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_head_shadow_groups_types.h:74:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ProcedureDescription_2[LENGTH_COMMENT + 1];
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_head_shadow_groups_types.h:117:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char RegenerationSoftwareVersion[LENGTH_SOFTWARE_VERSION + 1]; /* (0019,1182) 8 AT FF 3NS-CMS */
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_head_shadow_groups_types.h:199:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char SensitivityCorrectionLabel[LENGTH_LABEL + 1]; /* (0019,1490) 26 AT FF 2DS-CMS */
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_head_shadow_groups_types.h:220:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ParameterFileName[LENGTH_FILE_NAME + 1]; /* (0019,1510) 64 AT FF 3NS-CMS */
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_head_shadow_groups_types.h:221:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char SequenceFileName[LENGTH_FILE_NAME + 1]; /* (0019,1511) 64 AT FF 3NS-CMS */
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_head_shadow_groups_types.h:222:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char SequenceFileOwner[LENGTH_SEQUENCE_INFO + 1]; /* (0019,1512) 8 AT FF 2DS-CMS */
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_head_shadow_groups_types.h:223:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char SequenceDescription[LENGTH_SEQUENCE_INFO + 1]; /* (0019,1513) 8 AT FF 2DS-CMS */
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_head_shadow_groups_types.h:249:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char StudyName[LENGTH_LABEL + 1]; /* (0021,1180) 26 AT FF 3NS-CMS */
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_head_shadow_groups_types.h:352:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char EpiFileName[LENGTH_FILE_NAME + 1]; /* (0019,1514) 64 AT FF 3NS-CMS */
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_head_type.h:22:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Ide_buf[LENGTH_GROUP_0008]; /* fill-in */
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_head_type.h:30:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Ide_buf[LENGTH_GROUP_0009]; /* fill-in */
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_head_type.h:38:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Pat_buf[LENGTH_GROUP_0010]; /* fill-in */
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_head_type.h:46:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Pat_buf[LENGTH_GROUP_0011]; /* fill-in */
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_head_type.h:54:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char PatMod_buf[LENGTH_GROUP_0013]; /* fill-in */
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_head_type.h:62:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Acq_buf[LENGTH_GROUP_0018]; /* fill-in */
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_head_type.h:70:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Acq1_buf[LENGTH_GROUP_0019_PART1]; /* fill-in */
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_head_type.h:76:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Acq2_buf[LENGTH_GROUP_0019_PART2]; /* fill-in */
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_head_type.h:83:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Acq3_buf[LENGTH_GROUP_0019_PART3]; /* fill-in */
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_head_type.h:90:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Acq4_buf[LENGTH_GROUP_0019_PART4]; /* fill-in */
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_head_type.h:106:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Rel_buf[LENGTH_GROUP_0020]; /* fill-in */
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_head_type.h:114:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Rel1_buf[LENGTH_GROUP_0021_PART1]; /* fill-in */
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_head_type.h:120:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Rel2_buf[LENGTH_GROUP_0021_PART2]; /* fill-in */
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_head_type.h:127:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Rel2_buf[LENGTH_GROUP_0021_PART3]; /* fill-in */
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_head_type.h:143:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Pre_buf[LENGTH_GROUP_0028]; /* fill-in */
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_head_type.h:151:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Pre_buf[LENGTH_GROUP_0029]; /* fill-in */
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_head_type.h:159:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Txt_buf[LENGTH_GROUP_0051]; /* fill-in */
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_head_type.h:167:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Fill_buf[LENGTH_TO_FILL_K_BORDER]; /* fill-in */
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_transformation.h:476:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef char nema_patient_place_t[2][4];
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_transformation.h:492:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char AsBytes[4]; /* as four bytes */
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_transformation.h:657:40: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy((FillString), (String), (int) (StringLength)); \
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_to_dicom.c:222:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(filename, "r")) == NULL) {
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_to_dicom.c:349:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[256];
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_to_dicom.c:368:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void) sprintf(string, "%.15g\\%.15g\\%.15g\\%.15g\\%.15g\\%.15g",
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_to_dicom.c:406:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void) sprintf(string, "%.15g\\%.15g\\%.15g",
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_to_dicom.c:525:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[20];
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_to_dicom.c:550:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void) sprintf(string, "%04d%02d%02d",
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_to_dicom.c:563:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[20];
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_to_dicom.c:589:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void) sprintf(string, "%02d%02d%02d.%03d", hour, minute, second, fraction);
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_to_dicom.c:706:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[64];
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_to_dicom.c:722:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void) sprintf(string, "%.15g\\%.15g", row, col);
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_to_dicom.c:736:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[64];
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_to_dicom.c:752:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void) sprintf(string, "%ld\\%ld", x, y);
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_to_dicom.c:765:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[64];
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_to_dicom.c:785:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void) sprintf(string, "%.15g\\%.15g\\%.15g", sag, cor, tra);
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/use_the_files.c:87:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char command_line[512];
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/use_the_files.c:128:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file_prefix[256];
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/use_the_files.c:130:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[512];
data/minc-tools-2.3.00+dfsg/conversion/ecattominc/dump_ecat_header.c:68:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char svalue[ECAT_MAX_STRING_LENGTH];
data/minc-tools-2.3.00+dfsg/conversion/ecattominc/dump_ecat_header.c:80:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
index = ((argc > 3) ? atoi(argv[3]) : 0);
data/minc-tools-2.3.00+dfsg/conversion/ecattominc/dump_ecat_header.c:81:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
volume = ((argc > 4) ? atoi(argv[4]) : 0);
data/minc-tools-2.3.00+dfsg/conversion/ecattominc/dump_ecat_header.c:82:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
slice = ((argc > 5) ? atoi(argv[5]) : 0);
data/minc-tools-2.3.00+dfsg/conversion/ecattominc/ecat_file.c:194:28: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((file->file_pointer=fopen(filename, "rb")) == NULL) {
data/minc-tools-2.3.00+dfsg/conversion/ecattominc/ecat_file.c:661:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[ECAT_MAX_STRING_LENGTH];
data/minc-tools-2.3.00+dfsg/conversion/ecattominc/ecat_file.c:698:33: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (svalue != NULL) (void) sprintf(svalue, "%d", (int) byte_value);
data/minc-tools-2.3.00+dfsg/conversion/ecattominc/ecat_file.c:709:33: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (svalue != NULL) (void) sprintf(svalue, "%d", (int) short_value);
data/minc-tools-2.3.00+dfsg/conversion/ecattominc/ecat_file.c:720:34: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (svalue != NULL) (void) sprintf(svalue, "%d", (int) long_value);
data/minc-tools-2.3.00+dfsg/conversion/ecattominc/ecat_file.c:732:34: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (svalue != NULL) (void) sprintf(svalue, "%.7g",
data/minc-tools-2.3.00+dfsg/conversion/ecattominc/ecat_file.c:736:14: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void) memcpy(string, &header[offset], length);
data/minc-tools-2.3.00+dfsg/conversion/ecattominc/ecat_file.c:738:37: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (ivalue != NULL) *ivalue = atoi(svalue);
data/minc-tools-2.3.00+dfsg/conversion/ecattominc/ecattominc.c:118:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char isotope[16];
data/minc-tools-2.3.00+dfsg/conversion/ecattominc/ecattominc.c:123:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char image_type[16];
data/minc-tools-2.3.00+dfsg/conversion/ecattominc/ecattominc.c:141:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char img_units[16];
data/minc-tools-2.3.00+dfsg/conversion/ecattominc/ecattominc.c:142:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char patient_name[40];
data/minc-tools-2.3.00+dfsg/conversion/ecattominc/ecattominc.c:143:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char patient_sex[8];
data/minc-tools-2.3.00+dfsg/conversion/ecattominc/ecattominc.c:145:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char patient_birthdate[40];
data/minc-tools-2.3.00+dfsg/conversion/ecattominc/ecattominc.c:146:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char study_id[40];
data/minc-tools-2.3.00+dfsg/conversion/ecattominc/ecattominc.c:147:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char start_time[40];
data/minc-tools-2.3.00+dfsg/conversion/ecattominc/ecattominc.c:154:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tracer[40];
data/minc-tools-2.3.00+dfsg/conversion/ecattominc/ecattominc.c:155:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char injection_time[40];
data/minc-tools-2.3.00+dfsg/conversion/ecattominc/ecattominc.c:615:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char svalue[ECAT_MAX_STRING_LENGTH];
data/minc-tools-2.3.00+dfsg/conversion/ecattominc/ecattominc.c:1198:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char varname[MAX_NC_NAME];
data/minc-tools-2.3.00+dfsg/conversion/ecattominc/ecattominc.c:1401:20: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
(void) strcpy(varname, "ecat-main");
data/minc-tools-2.3.00+dfsg/conversion/ecattominc/ecattominc.c:1406:20: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
(void) strcpy(varname, "ecat-subhdr");
data/minc-tools-2.3.00+dfsg/conversion/ecattominc/machine_indep.c:21:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void) memcpy(&short_value, from, sizeof(short int));
data/minc-tools-2.3.00+dfsg/conversion/ecattominc/machine_indep.c:28:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void) memcpy(&long_value, from, sizeof(long int));
data/minc-tools-2.3.00+dfsg/conversion/ecattominc/machine_indep.c:36:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void) memcpy(&int32_value, from, sizeof(int32_t));
data/minc-tools-2.3.00+dfsg/conversion/ecattominc/machine_indep.c:153:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void *) mach_value, vax_value, nvals*sizeof(short));
data/minc-tools-2.3.00+dfsg/conversion/ecattominc/machine_indep.c:190:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void *) mach_value, vax_value, nvals*sizeof(long));
data/minc-tools-2.3.00+dfsg/conversion/ecattominc/machine_indep.c:231:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void *) mach_value, vax_value, nvals*sizeof(float));
data/minc-tools-2.3.00+dfsg/conversion/image_filters/extract.c:48:12: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
skip=atol(*argv++);
data/minc-tools-2.3.00+dfsg/conversion/image_filters/extract.c:52:12: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pass=atol(*argv++);
data/minc-tools-2.3.00+dfsg/conversion/image_filters/extract.c:58:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp1=fopen(*argv,"r");
data/minc-tools-2.3.00+dfsg/conversion/image_filters/imageinvert.c:41:12: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
xsize = atol(argv[1]);
data/minc-tools-2.3.00+dfsg/conversion/image_filters/imageinvert.c:42:12: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ysize = atol(argv[2]);
data/minc-tools-2.3.00+dfsg/conversion/image_filters/imageinvert.c:44:25: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
bytes_per_pixel = atol(argv[3]);
data/minc-tools-2.3.00+dfsg/conversion/image_filters/imagetranspose.c:38:12: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
xsize = atol(argv[1]);
data/minc-tools-2.3.00+dfsg/conversion/image_filters/imagetranspose.c:39:12: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ysize = atol(argv[2]);
data/minc-tools-2.3.00+dfsg/conversion/image_filters/imagetranspose.c:41:25: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
bytes_per_pixel = atol(argv[3]);
data/minc-tools-2.3.00+dfsg/conversion/image_filters/insert.c:48:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp1=fopen(*argv,"r+");
data/minc-tools-2.3.00+dfsg/conversion/image_filters/insert.c:62:12: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
skip=atol(*argv++);
data/minc-tools-2.3.00+dfsg/conversion/image_filters/insert.c:66:12: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pass=atol(*argv++);
data/minc-tools-2.3.00+dfsg/conversion/image_filters/reecho.c:36:14: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
nread = atol(argv[1]);
data/minc-tools-2.3.00+dfsg/conversion/image_filters/reecho.c:37:14: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
nrepeat = atol(argv[2]);
data/minc-tools-2.3.00+dfsg/conversion/image_filters/skipdata.c:29:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
bytes_to_copy = atoi(argv[1]);
data/minc-tools-2.3.00+dfsg/conversion/image_filters/skipdata.c:30:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
bytes_to_skip = atoi(argv[2]);
data/minc-tools-2.3.00+dfsg/conversion/micropet/upet2mnc.c:396:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *_dimnames[5];
data/minc-tools-2.3.00+dfsg/conversion/micropet/upet2mnc.c:497:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line_buf[1024];
data/minc-tools-2.3.00+dfsg/conversion/micropet/upet2mnc.c:505:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argv_tmp[5];
data/minc-tools-2.3.00+dfsg/conversion/micropet/upet2mnc.c:508:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ci.hdr_fp = fopen(hdr_fname, "r"); /* Text file */
data/minc-tools-2.3.00+dfsg/conversion/micropet/upet2mnc.c:514:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ci.img_fp = fopen(img_fname, "rb"); /* Binary file */
data/minc-tools-2.3.00+dfsg/conversion/micropet/upet2mnc.c:602:39: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int_tmp = atoi(val_ptr);
data/minc-tools-2.3.00+dfsg/conversion/micropet/upet2mnc.c:678:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char img_fname[1024];
data/minc-tools-2.3.00+dfsg/conversion/micropet/upet2mnc.c:679:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hdr_fname[1024];
data/minc-tools-2.3.00+dfsg/conversion/micropet/upet2mnc.c:680:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char out_fname[1024];
data/minc-tools-2.3.00+dfsg/conversion/micropet/upet2mnc.c:733:13: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(hdr_fname, ".hdr");
data/minc-tools-2.3.00+dfsg/conversion/micropet/upet2mnc.c:738:13: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(img_fname, ".img");
data/minc-tools-2.3.00+dfsg/conversion/micropet/upet2mnc.c:739:13: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(hdr_fname, ".img.hdr");
data/minc-tools-2.3.00+dfsg/conversion/micropet/upet2mnc.c:757:17: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(line_ptr, ".mnc");
data/minc-tools-2.3.00+dfsg/conversion/micropet/upet2mnc.c:784:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int file_type = atoi(val_str);
data/minc-tools-2.3.00+dfsg/conversion/micropet/upet2mnc.c:799:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int mode_int = atoi(val_str);
data/minc-tools-2.3.00+dfsg/conversion/micropet/upet2mnc.c:849:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ci_ptr->data_type = atoi(val_str);
data/minc-tools-2.3.00+dfsg/conversion/micropet/upet2mnc.c:929:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (atoi(val_str) != 1) {
data/minc-tools-2.3.00+dfsg/conversion/micropet/upet2mnc.c:937:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ci_ptr->dim_count = atoi(val_str);
data/minc-tools-2.3.00+dfsg/conversion/micropet/upet2mnc.c:966:37: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
create_dimension(ci_ptr, DIM_T, atoi(val_str));
data/minc-tools-2.3.00+dfsg/conversion/micropet/upet2mnc.c:972:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int x = atoi(val_str);
data/minc-tools-2.3.00+dfsg/conversion/micropet/upet2mnc.c:981:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int y = atoi(val_str);
data/minc-tools-2.3.00+dfsg/conversion/micropet/upet2mnc.c:990:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int z = atoi(val_str);
data/minc-tools-2.3.00+dfsg/conversion/micropet/upet2mnc.c:999:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int w = atoi(val_str);
data/minc-tools-2.3.00+dfsg/conversion/micropet/upet2mnc.c:1132:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str_buf[128];
data/minc-tools-2.3.00+dfsg/conversion/micropet/upet2mnc.c:1137:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str_buf, "unknown");
data/minc-tools-2.3.00+dfsg/conversion/micropet/upet2mnc.c:1144:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str_buf, "%02d%02d%02d",
data/minc-tools-2.3.00+dfsg/conversion/micropet/upet2mnc.c:1148:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str_buf, "%d", tmbuf.tm_year + 1900);
data/minc-tools-2.3.00+dfsg/conversion/micropet/upet2mnc.c:1151:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str_buf, "%d", tmbuf.tm_mon + 1);
data/minc-tools-2.3.00+dfsg/conversion/micropet/upet2mnc.c:1154:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str_buf, "%d", tmbuf.tm_mday);
data/minc-tools-2.3.00+dfsg/conversion/micropet/upet2mnc.c:1164:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str_buf[128];
data/minc-tools-2.3.00+dfsg/conversion/micropet/upet2mnc.c:1169:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str_buf, "unknown");
data/minc-tools-2.3.00+dfsg/conversion/micropet/upet2mnc.c:1176:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str_buf, "%02d%02d%02d",
data/minc-tools-2.3.00+dfsg/conversion/micropet/upet2mnc.c:1180:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str_buf, "%d", tmbuf.tm_year + 1900);
data/minc-tools-2.3.00+dfsg/conversion/micropet/upet2mnc.c:1183:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str_buf, "%d", tmbuf.tm_mon + 1);
data/minc-tools-2.3.00+dfsg/conversion/micropet/upet2mnc.c:1186:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str_buf, "%d", tmbuf.tm_mday);
data/minc-tools-2.3.00+dfsg/conversion/micropet/upet2mnc.c:1220:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int tmp = atoi(val_str);
data/minc-tools-2.3.00+dfsg/conversion/micropet/upet2mnc.c:1270:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ci_ptr->frame_index = atoi(val_str);
data/minc-tools-2.3.00+dfsg/conversion/micropet/upet2mnc.c:1401:30: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
tmp = (double) ((char *)data)[i];
data/minc-tools-2.3.00+dfsg/conversion/micropet/upet2mnc.c:1403:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((char *)data)[i] = tmp;
data/minc-tools-2.3.00+dfsg/conversion/minctoecat/ecat_write.c:87:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mptr->mhptr, proto_mhptr, sizeof(Main_header));
data/minc-tools-2.3.00+dfsg/conversion/minctoecat/ecat_write.c:125:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fopen(), *fptr;
data/minc-tools-2.3.00+dfsg/conversion/minctoecat/ecat_write.c:129:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fptr = fopen(fname, fmode);
data/minc-tools-2.3.00+dfsg/conversion/minctoecat/ecat_write.c:134:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bufr[MatBLKSIZE];
data/minc-tools-2.3.00+dfsg/conversion/minctoecat/ecat_write.c:143:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mn[20];
data/minc-tools-2.3.00+dfsg/conversion/minctoecat/ecat_write.c:499:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MatBLKSIZE];
data/minc-tools-2.3.00+dfsg/conversion/minctoecat/ecat_write.h:44:29: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
__attribute__((__common__)) char matrix_errtxt[132];
data/minc-tools-2.3.00+dfsg/conversion/minctoecat/ecat_write.h:47:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char magic_number[14];
data/minc-tools-2.3.00+dfsg/conversion/minctoecat/ecat_write.h:48:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char original_file_name[32];
data/minc-tools-2.3.00+dfsg/conversion/minctoecat/ecat_write.h:52:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char serial_number[10];
data/minc-tools-2.3.00+dfsg/conversion/minctoecat/ecat_write.h:55:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char isotope_code[8];
data/minc-tools-2.3.00+dfsg/conversion/minctoecat/ecat_write.h:57:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char radiopharmaceutical[32];
data/minc-tools-2.3.00+dfsg/conversion/minctoecat/ecat_write.h:74:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char study_name[12];
data/minc-tools-2.3.00+dfsg/conversion/minctoecat/ecat_write.h:75:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char patient_id[16];
data/minc-tools-2.3.00+dfsg/conversion/minctoecat/ecat_write.h:76:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char patient_name[32];
data/minc-tools-2.3.00+dfsg/conversion/minctoecat/ecat_write.h:77:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char patient_sex[1];
data/minc-tools-2.3.00+dfsg/conversion/minctoecat/ecat_write.h:78:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char patient_dexterity[1];
data/minc-tools-2.3.00+dfsg/conversion/minctoecat/ecat_write.h:83:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char physician_name[32];
data/minc-tools-2.3.00+dfsg/conversion/minctoecat/ecat_write.h:84:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char operator_name[32];
data/minc-tools-2.3.00+dfsg/conversion/minctoecat/ecat_write.h:85:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char study_description[32];
data/minc-tools-2.3.00+dfsg/conversion/minctoecat/ecat_write.h:88:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char facility_name[20];
data/minc-tools-2.3.00+dfsg/conversion/minctoecat/ecat_write.h:99:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char user_process_code[10];
data/minc-tools-2.3.00+dfsg/conversion/minctoecat/ecat_write.h:107:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data_units[32];
data/minc-tools-2.3.00+dfsg/conversion/minctoecat/ecat_write.h:151:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char annotation[40];
data/minc-tools-2.3.00+dfsg/conversion/minctoecat/machine_indep.c:27:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
else memcpy(to,from,length);
data/minc-tools-2.3.00+dfsg/conversion/minctoecat/machine_indep.c:33:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
else memcpy(to,from,length*2);
data/minc-tools-2.3.00+dfsg/conversion/minctoecat/machine_indep.c:126:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dptr+j, tmp, 512);
data/minc-tools-2.3.00+dfsg/conversion/minctoecat/machine_indep.c:151:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dptr+j, tmp, 512);
data/minc-tools-2.3.00+dfsg/conversion/minctoecat/machine_indep.c:166:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dptr+j, tmp, 512);
data/minc-tools-2.3.00+dfsg/conversion/minctoecat/machine_indep.c:211:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bufr2, bufr1, 512);
data/minc-tools-2.3.00+dfsg/conversion/minctoecat/machine_indep.c:247:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bufr2, bufr1, 512);
data/minc-tools-2.3.00+dfsg/conversion/minctoecat/machine_indep.c:284:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
union { short s; char b[2]; } tmp;
data/minc-tools-2.3.00+dfsg/conversion/minctoecat/machine_indep.c:287:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
else memcpy(&buf[*i], tmp.b, sizeof(short));
data/minc-tools-2.3.00+dfsg/conversion/minctoecat/machine_indep.c:295:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
union { int i; char b[4]; } tmp;
data/minc-tools-2.3.00+dfsg/conversion/minctoecat/machine_indep.c:296:22: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
union { short s[2]; char b[4]; } tmp1;
data/minc-tools-2.3.00+dfsg/conversion/minctoecat/machine_indep.c:301:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
} else memcpy(&buf[*i], tmp.b, sizeof(int));
data/minc-tools-2.3.00+dfsg/conversion/minctoecat/machine_indep.c:310:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
union { int u; char b[4]; } tmp;
data/minc-tools-2.3.00+dfsg/conversion/minctoecat/machine_indep.c:311:22: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
union { short s[2]; char b[4]; } tmp1;
data/minc-tools-2.3.00+dfsg/conversion/minctoecat/machine_indep.c:316:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
} else memcpy(&buf[*i], tmp.b, sizeof(unsigned int));
data/minc-tools-2.3.00+dfsg/conversion/minctoecat/machine_indep.c:329:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
union { float f; char b[4]; } tmp;
data/minc-tools-2.3.00+dfsg/conversion/minctoecat/machine_indep.c:330:22: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
union { short s[2]; char b[4]; } tmp1;
data/minc-tools-2.3.00+dfsg/conversion/minctoecat/machine_indep.c:335:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
} else memcpy(&buf[*i], tmp.b, sizeof(float));
data/minc-tools-2.3.00+dfsg/conversion/minctoecat/machine_indep.c:352:28: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
union { short s; unsigned char b[2]; } tmp, tmp1;
data/minc-tools-2.3.00+dfsg/conversion/minctoecat/machine_indep.c:353:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp.b,&buf[*i],2);
data/minc-tools-2.3.00+dfsg/conversion/minctoecat/machine_indep.c:366:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
union {int i; unsigned char b[4]; } tmp, tmp1;
data/minc-tools-2.3.00+dfsg/conversion/minctoecat/machine_indep.c:367:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp1.b,&buf[*i],4);
data/minc-tools-2.3.00+dfsg/conversion/minctoecat/machine_indep.c:381:34: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
union {unsigned int u; unsigned char b[4]; } tmp, tmp1;
data/minc-tools-2.3.00+dfsg/conversion/minctoecat/machine_indep.c:382:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp1.b,&buf[*i],4);
data/minc-tools-2.3.00+dfsg/conversion/minctoecat/machine_indep.c:396:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
union {float f; unsigned char b[2]; } tmp, tmp1;
data/minc-tools-2.3.00+dfsg/conversion/minctoecat/machine_indep.c:397:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp1.b, &buf[*i], sizeof(float));
data/minc-tools-2.3.00+dfsg/conversion/minctoecat/minctoecat.c:321:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char attname[NC_MAX_NAME+1];
data/minc-tools-2.3.00+dfsg/conversion/minctoecat/minctoecat.c:322:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[NC_MAX_NAME+1];
data/minc-tools-2.3.00+dfsg/conversion/minctoecat/minctoecat.c:460:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char attname[NC_MAX_NAME+1];
data/minc-tools-2.3.00+dfsg/conversion/minctoecat/minctoecat.c:461:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer_val[NC_MAX_NAME+1];
data/minc-tools-2.3.00+dfsg/conversion/minctoecat/minctoecat.c:507:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char attname[NC_MAX_NAME+1];
data/minc-tools-2.3.00+dfsg/conversion/minctoecat/minctoecat.c:562:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char attname[NC_MAX_NAME+1];
data/minc-tools-2.3.00+dfsg/conversion/minctoecat/minctoecat.c:616:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char attname[NC_MAX_NAME+1];
data/minc-tools-2.3.00+dfsg/conversion/minctoecat/minctoecat.c:623:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[NC_MAX_NAME+1];
data/minc-tools-2.3.00+dfsg/conversion/minctoecat/minctoecat.c:644:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[NC_MAX_NAME+1];
data/minc-tools-2.3.00+dfsg/conversion/minctoecat/minctoecat.c:788:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[NC_MAX_NAME];
data/minc-tools-2.3.00+dfsg/conversion/mnitominc/mnitominc.c:599:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[MNI_HEADER_SIZE];
data/minc-tools-2.3.00+dfsg/conversion/mnitominc/mnitominc.c:604:24: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((mni_header->fp=fopen(file, "r"))==NULL) {
data/minc-tools-2.3.00+dfsg/conversion/mnitominc/mnitominc.c:742:11: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
(void) strcpy(mni_header->dose_units, "mCurie");
data/minc-tools-2.3.00+dfsg/conversion/mnitominc/mnitominc.h:162:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *dimname[MAX_VAR_DIMS] = {MItime, NULL, NULL, NULL};
data/minc-tools-2.3.00+dfsg/conversion/mnitominc/mnitominc.h:231:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char patient_name[MNI_PATNAM_LENGTH + 1];
data/minc-tools-2.3.00+dfsg/conversion/mnitominc/mnitominc.h:232:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char patient_num[MNI_PATNUM_LENGTH + 1];
data/minc-tools-2.3.00+dfsg/conversion/mnitominc/mnitominc.h:233:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char start_time[MNI_ACQDAT_LENGTH + MNI_ACQTIM_LENGTH + 2];
data/minc-tools-2.3.00+dfsg/conversion/mnitominc/mnitominc.h:234:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char isotope[MNI_ISOTOPE_LENGTH + 1];
data/minc-tools-2.3.00+dfsg/conversion/mnitominc/mnitominc.h:235:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dose_string[MNI_DOSE_LENGTH + 1];
data/minc-tools-2.3.00+dfsg/conversion/mnitominc/mnitominc.h:237:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dose_units[10];
data/minc-tools-2.3.00+dfsg/conversion/mnitominc/mnitominc.h:238:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char injection_time[MNI_INJTIM_LENGTH + 1];
data/minc-tools-2.3.00+dfsg/conversion/mri_to_minc/ge_uncompress.c:14:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char b[2];
data/minc-tools-2.3.00+dfsg/conversion/nifti1/analyze75.h:24:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data_type[10]; /* 4 + 10 - the data type of the file */
data/minc-tools-2.3.00+dfsg/conversion/nifti1/analyze75.h:25:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char db_name[18]; /* 14 + 18 - */
data/minc-tools-2.3.00+dfsg/conversion/nifti1/analyze75.h:39:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vox_units[4]; /* 16 + 4 - specifies the spatial units of measure for a voxel */
data/minc-tools-2.3.00+dfsg/conversion/nifti1/analyze75.h:40:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cal_units[8]; /* 20 + 8 - specifies the name of the calibration unit */
data/minc-tools-2.3.00+dfsg/conversion/nifti1/analyze75.h:64:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char descrip[80]; /* 0 + 80 */
data/minc-tools-2.3.00+dfsg/conversion/nifti1/analyze75.h:65:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char aux_file[24]; /* 80 + 24 */
data/minc-tools-2.3.00+dfsg/conversion/nifti1/analyze75.h:77:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char generated[10]; /* 115 + 10 */
data/minc-tools-2.3.00+dfsg/conversion/nifti1/analyze75.h:78:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scannum[10]; /* 125 + 10 */
data/minc-tools-2.3.00+dfsg/conversion/nifti1/analyze75.h:79:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char patient_id[10]; /* 135 + 10 */
data/minc-tools-2.3.00+dfsg/conversion/nifti1/analyze75.h:80:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char exp_date[10]; /* 145 + 10 */
data/minc-tools-2.3.00+dfsg/conversion/nifti1/analyze75.h:81:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char exp_time[10]; /* 155 + 10 */
data/minc-tools-2.3.00+dfsg/conversion/nifti1/analyze75.h:82:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hist_un0[3]; /* 165 + 3 */
data/minc-tools-2.3.00+dfsg/conversion/nifti1/mnc2nii.c:17:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *dimnames[MAX_NII_DIMS] = {
data/minc-tools-2.3.00+dfsg/conversion/nifti1/mnc2nii.c:195:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char out_str[1024]; /* Big string for filename */
data/minc-tools-2.3.00+dfsg/conversion/nifti1/mnc2nii.c:196:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char att_str[1024]; /* Big string for attribute values */
data/minc-tools-2.3.00+dfsg/conversion/nifti1/mnc2nii.c:402:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(nii_ptr->fname, ".hdr");
data/minc-tools-2.3.00+dfsg/conversion/nifti1/mnc2nii.c:403:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(nii_ptr->iname, ".img");
data/minc-tools-2.3.00+dfsg/conversion/nifti1/mnc2nii.c:406:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(nii_ptr->fname, ".nii");
data/minc-tools-2.3.00+dfsg/conversion/nifti1/mnc2nii.c:407:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(nii_ptr->iname, ".nii");
data/minc-tools-2.3.00+dfsg/conversion/nifti1/mnc2nii.c:410:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(nii_ptr->fname, ".hdr");
data/minc-tools-2.3.00+dfsg/conversion/nifti1/mnc2nii.c:411:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(nii_ptr->iname, ".img");
data/minc-tools-2.3.00+dfsg/conversion/nifti1/mnc2nii.c:414:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(nii_ptr->fname, ".nia");
data/minc-tools-2.3.00+dfsg/conversion/nifti1/mnc2nii.c:415:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(nii_ptr->iname, ".nia");
data/minc-tools-2.3.00+dfsg/conversion/nifti1/nifti1_local.h:66:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *mnc_spatial_names[MAX_SPACE_DIMS] = {
data/minc-tools-2.3.00+dfsg/conversion/nifti1/nifti1_test.c:66:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(nim->fname,".nii") ;
data/minc-tools-2.3.00+dfsg/conversion/nifti1/nifti1_test.c:67:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(nim->iname,".nii") ;
data/minc-tools-2.3.00+dfsg/conversion/nifti1/nifti1_test.c:69:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(nim->fname,".nia") ;
data/minc-tools-2.3.00+dfsg/conversion/nifti1/nifti1_test.c:70:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(nim->iname,".nia") ;
data/minc-tools-2.3.00+dfsg/conversion/nifti1/nifti1_test.c:72:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(nim->fname,".hdr") ;
data/minc-tools-2.3.00+dfsg/conversion/nifti1/nifti1_test.c:73:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(nim->iname,".img") ;
data/minc-tools-2.3.00+dfsg/conversion/nifti1/nifti_stats.c:1606:9: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
#define atol (1.0e-50)
data/minc-tools-2.3.00+dfsg/conversion/nifti1/nifti_stats.c:1763:14: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
T4 = atol;
data/minc-tools-2.3.00+dfsg/conversion/nifti1/nifti_stats.c:1811:15: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
T10 = atol;
data/minc-tools-2.3.00+dfsg/conversion/nifti1/nifti_stats.c:1847:15: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
T14 = atol;
data/minc-tools-2.3.00+dfsg/conversion/nifti1/nifti_stats.c:1878:8: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
#undef atol
data/minc-tools-2.3.00+dfsg/conversion/nifti1/nifti_stats.c:1973:9: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
#define atol (1.0e-50)
data/minc-tools-2.3.00+dfsg/conversion/nifti1/nifti_stats.c:2137:14: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
T5 = atol;
data/minc-tools-2.3.00+dfsg/conversion/nifti1/nifti_stats.c:2173:14: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
T9 = atol;
data/minc-tools-2.3.00+dfsg/conversion/nifti1/nifti_stats.c:2206:15: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
T12 = atol;
data/minc-tools-2.3.00+dfsg/conversion/nifti1/nifti_stats.c:2248:8: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
#undef atol
data/minc-tools-2.3.00+dfsg/conversion/nifti1/nifti_stats.c:2336:9: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
#define atol (1.0e-50)
data/minc-tools-2.3.00+dfsg/conversion/nifti1/nifti_stats.c:2461:14: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
T6 = atol;
data/minc-tools-2.3.00+dfsg/conversion/nifti1/nifti_stats.c:2501:15: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
T10 = atol;
data/minc-tools-2.3.00+dfsg/conversion/nifti1/nifti_stats.c:2536:8: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
#undef atol
data/minc-tools-2.3.00+dfsg/conversion/nifti1/nifti_stats.c:2634:9: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
#define atol (1.0e-50)
data/minc-tools-2.3.00+dfsg/conversion/nifti1/nifti_stats.c:2722:14: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
T5 = atol;
data/minc-tools-2.3.00+dfsg/conversion/nifti1/nifti_stats.c:2753:14: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
T9 = atol;
data/minc-tools-2.3.00+dfsg/conversion/nifti1/nifti_stats.c:2783:15: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
T12 = atol;
data/minc-tools-2.3.00+dfsg/conversion/nifti1/nifti_stats.c:2810:8: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
#undef atol
data/minc-tools-2.3.00+dfsg/conversion/nifti1/nifti_stats.c:2905:9: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
#define atol (1.0e-50)
data/minc-tools-2.3.00+dfsg/conversion/nifti1/nifti_stats.c:3026:14: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
T6 = atol;
data/minc-tools-2.3.00+dfsg/conversion/nifti1/nifti_stats.c:3062:15: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
T10 = atol;
data/minc-tools-2.3.00+dfsg/conversion/nifti1/nifti_stats.c:3098:15: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
T14 = atol;
data/minc-tools-2.3.00+dfsg/conversion/nifti1/nifti_stats.c:3129:8: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
#undef atol
data/minc-tools-2.3.00+dfsg/conversion/nifti1/nifti_stats.c:3237:9: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
#define atol (1.0e-50)
data/minc-tools-2.3.00+dfsg/conversion/nifti1/nifti_stats.c:3335:14: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
T5 = atol;
data/minc-tools-2.3.00+dfsg/conversion/nifti1/nifti_stats.c:3366:14: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
T9 = atol;
data/minc-tools-2.3.00+dfsg/conversion/nifti1/nifti_stats.c:3397:15: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
T13 = atol;
data/minc-tools-2.3.00+dfsg/conversion/nifti1/nifti_stats.c:3427:15: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
T16 = atol;
data/minc-tools-2.3.00+dfsg/conversion/nifti1/nifti_stats.c:3454:8: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
#undef atol
data/minc-tools-2.3.00+dfsg/conversion/nifti1/nifti_stats.c:3555:9: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
#define atol (1.0e-50)
data/minc-tools-2.3.00+dfsg/conversion/nifti1/nifti_stats.c:3705:14: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
T7 = atol;
data/minc-tools-2.3.00+dfsg/conversion/nifti1/nifti_stats.c:3755:8: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
#undef atol
data/minc-tools-2.3.00+dfsg/conversion/nifti1/nifti_stats.c:3859:9: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
#define atol (1.0e-50)
data/minc-tools-2.3.00+dfsg/conversion/nifti1/nifti_stats.c:4017:14: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
T6 = atol;
data/minc-tools-2.3.00+dfsg/conversion/nifti1/nifti_stats.c:4052:14: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
T9 = atol;
data/minc-tools-2.3.00+dfsg/conversion/nifti1/nifti_stats.c:4085:15: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
T12 = atol;
data/minc-tools-2.3.00+dfsg/conversion/nifti1/nifti_stats.c:4128:8: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
#undef atol
data/minc-tools-2.3.00+dfsg/conversion/nifti1/nifti_stats.c:4417:9: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
#define atol (1.0e-50)
data/minc-tools-2.3.00+dfsg/conversion/nifti1/nifti_stats.c:4527:14: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
T6 = atol;
data/minc-tools-2.3.00+dfsg/conversion/nifti1/nifti_stats.c:4562:14: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
T9 = atol;
data/minc-tools-2.3.00+dfsg/conversion/nifti1/nifti_stats.c:4593:8: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
#undef atol
data/minc-tools-2.3.00+dfsg/conversion/nifti1/nifti_stats.c:4674:9: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
#define atol (1.0e-50)
data/minc-tools-2.3.00+dfsg/conversion/nifti1/nifti_stats.c:4777:14: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
T6 = atol;
data/minc-tools-2.3.00+dfsg/conversion/nifti1/nifti_stats.c:4813:15: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
T10 = atol;
data/minc-tools-2.3.00+dfsg/conversion/nifti1/nifti_stats.c:4844:8: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
#undef atol
data/minc-tools-2.3.00+dfsg/conversion/nifti1/nii2mnc.c:61:30: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
tmp = (double) ((char *)data)[i];
data/minc-tools-2.3.00+dfsg/conversion/nifti1/nii2mnc.c:64:39: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
tmp = (double) ((unsigned char *)data)[i];
data/minc-tools-2.3.00+dfsg/conversion/nifti1/nii2mnc.c:129:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char out_str[1024]; /* Big string for filename */
data/minc-tools-2.3.00+dfsg/conversion/nifti1/nii2mnc.c:141:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *mnc_ordered_dim_names[MAX_SPACE_DIMS];
data/minc-tools-2.3.00+dfsg/conversion/nifti1/nii2mnc.c:182:17: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(out_str, ".mnc");
data/minc-tools-2.3.00+dfsg/conversion/nifti1/nii2mnc.c:202:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(argv[1], "rb");
data/minc-tools-2.3.00+dfsg/conversion/scxtominc/scx_file.c:123:28: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((file->file_pointer=fopen(filename, "rb")) == NULL) {
data/minc-tools-2.3.00+dfsg/conversion/scxtominc/scx_file.c:242:20: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void) sprintf(svalue, "%d", (int) mnem_ptr->mdefault);
data/minc-tools-2.3.00+dfsg/conversion/scxtominc/scx_file.c:312:14: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void) memcpy(bdata, &header[position], length);
data/minc-tools-2.3.00+dfsg/conversion/scxtominc/scx_file.c:330:32: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (svalue!=NULL) (void) sprintf(svalue, "%d", (int) bdata[0]);
data/minc-tools-2.3.00+dfsg/conversion/scxtominc/scx_file.c:336:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void) memcpy(svalue, bdata, length);
data/minc-tools-2.3.00+dfsg/conversion/scxtominc/scx_file.c:345:20: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void) sprintf(svalue, "%02d:%02d:%02d",
data/minc-tools-2.3.00+dfsg/conversion/scxtominc/scx_file.c:348:20: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void) sprintf(svalue, "%02d:%02d:%02d.%02d",
data/minc-tools-2.3.00+dfsg/conversion/scxtominc/scx_file.c:360:20: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void) sprintf(svalue, "%02d-%02d-%02d",
data/minc-tools-2.3.00+dfsg/conversion/scxtominc/scx_file.c:369:32: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (svalue!=NULL) (void) sprintf(svalue, "%d", (int) idata[0]);
data/minc-tools-2.3.00+dfsg/conversion/scxtominc/scx_file.c:374:32: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (svalue!=NULL) (void) sprintf(svalue, "%8g", (double) idata[0]/100.0);
data/minc-tools-2.3.00+dfsg/conversion/scxtominc/scx_file.c:379:32: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (svalue!=NULL) (void) sprintf(svalue, "%d", (int) ldata[0]);
data/minc-tools-2.3.00+dfsg/conversion/scxtominc/scx_file.c:384:32: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (svalue!=NULL) (void) sprintf(svalue, "%8g", (double) fdata[0]);
data/minc-tools-2.3.00+dfsg/conversion/scxtominc/scxmnem.c:70:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char svalue[256];
data/minc-tools-2.3.00+dfsg/conversion/scxtominc/scxmnem.c:82:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
multiplicity = atoi(argv[3]);
data/minc-tools-2.3.00+dfsg/conversion/scxtominc/scxtominc.c:113:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[8];
data/minc-tools-2.3.00+dfsg/conversion/scxtominc/scxtominc.c:128:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char isotope[16];
data/minc-tools-2.3.00+dfsg/conversion/scxtominc/scxtominc.c:132:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char image_type[16];
data/minc-tools-2.3.00+dfsg/conversion/scxtominc/scxtominc.c:143:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char img_units[16];
data/minc-tools-2.3.00+dfsg/conversion/scxtominc/scxtominc.c:144:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char patient_name[32];
data/minc-tools-2.3.00+dfsg/conversion/scxtominc/scxtominc.c:145:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char patient_sex[8];
data/minc-tools-2.3.00+dfsg/conversion/scxtominc/scxtominc.c:147:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char study_id[40];
data/minc-tools-2.3.00+dfsg/conversion/scxtominc/scxtominc.c:148:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char start_time[40];
data/minc-tools-2.3.00+dfsg/conversion/scxtominc/scxtominc.c:155:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tracer[10];
data/minc-tools-2.3.00+dfsg/conversion/scxtominc/scxtominc.c:156:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char injection_time[40];
data/minc-tools-2.3.00+dfsg/conversion/scxtominc/scxtominc.c:173:42: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int get_scx_file_info(int num_scx_files, char **scx_files,
data/minc-tools-2.3.00+dfsg/conversion/scxtominc/scxtominc.c:542:42: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int get_scx_file_info(int num_scx_files, char **scx_files,
data/minc-tools-2.3.00+dfsg/conversion/scxtominc/scxtominc.c:555:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char svalue[40];
data/minc-tools-2.3.00+dfsg/conversion/vff2mnc/vff2mnc.c:56:52: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void read_2Dvff_files_image(mihandle_t hvol, const char **file_list,
data/minc-tools-2.3.00+dfsg/conversion/vff2mnc/vff2mnc.c:61:45: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void read_3Dvff_file_image(mihandle_t hvol, char *filename,
data/minc-tools-2.3.00+dfsg/conversion/vff2mnc/vff2mnc.c:95:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char out_str[1024]; /* Big string for filename */
data/minc-tools-2.3.00+dfsg/conversion/vff2mnc/vff2mnc.c:431:28: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
tmp = (double) ((unsigned char *)buffer)[i];
data/minc-tools-2.3.00+dfsg/conversion/vff2mnc/vff2mnc.c:434:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
tmp = (double) ((char *)buffer)[i];
data/minc-tools-2.3.00+dfsg/conversion/vff2mnc/vff2mnc.c:504:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char linebuf[1024];
data/minc-tools-2.3.00+dfsg/conversion/vff2mnc/vff2mnc.c:505:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[10];
data/minc-tools-2.3.00+dfsg/conversion/vff2mnc/vff2mnc.c:525:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(file_list[i] , "rb" ) ;
data/minc-tools-2.3.00+dfsg/conversion/vff2mnc/vff2mnc.c:550:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (atoi(pch+1) != 2) {
data/minc-tools-2.3.00+dfsg/conversion/vff2mnc/vff2mnc.c:551:44: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
printf("Looking for 2D file got %d\n",atoi(pch+1));
data/minc-tools-2.3.00+dfsg/conversion/vff2mnc/vff2mnc.c:554:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
m2->mnc_ndims = atoi(pch+1);
data/minc-tools-2.3.00+dfsg/conversion/vff2mnc/vff2mnc.c:557:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
m2->mnc_count[0] = atoi(pch+1);
data/minc-tools-2.3.00+dfsg/conversion/vff2mnc/vff2mnc.c:559:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
m2->mnc_count[1] = atoi(pch+1);
data/minc-tools-2.3.00+dfsg/conversion/vff2mnc/vff2mnc.c:562:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
rawsize = atoi(pch+1);
data/minc-tools-2.3.00+dfsg/conversion/vff2mnc/vff2mnc.c:567:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
m2->mnc_steps[1] = atoi(pch+1);
data/minc-tools-2.3.00+dfsg/conversion/vff2mnc/vff2mnc.c:575:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
vattrs->bands = atoi(pch+1);
data/minc-tools-2.3.00+dfsg/conversion/vff2mnc/vff2mnc.c:578:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
switch(atoi(pch+1)) {
data/minc-tools-2.3.00+dfsg/conversion/vff2mnc/vff2mnc.c:593:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
vattrs->day = atoi(pch+7);
data/minc-tools-2.3.00+dfsg/conversion/vff2mnc/vff2mnc.c:595:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
vattrs->month = atoi(pch+5);
data/minc-tools-2.3.00+dfsg/conversion/vff2mnc/vff2mnc.c:597:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
vattrs->year = atoi(pch+1);
data/minc-tools-2.3.00+dfsg/conversion/vff2mnc/vff2mnc.c:638:47: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
read_2Dvff_files_image(mihandle_t hvol, const char **file_list, int num_files,
data/minc-tools-2.3.00+dfsg/conversion/vff2mnc/vff2mnc.c:669:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(file_list[i] , "rb" ) ;
data/minc-tools-2.3.00+dfsg/conversion/vff2mnc/vff2mnc.c:735:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char linebuf[1024];
data/minc-tools-2.3.00+dfsg/conversion/vff2mnc/vff2mnc.c:736:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[20];
data/minc-tools-2.3.00+dfsg/conversion/vff2mnc/vff2mnc.c:750:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(filename , "rb" ) ;
data/minc-tools-2.3.00+dfsg/conversion/vff2mnc/vff2mnc.c:778:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
m2->mnc_ndims = atoi(pch+1);
data/minc-tools-2.3.00+dfsg/conversion/vff2mnc/vff2mnc.c:782:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
m2->mnc_count[counter] = atoi(pch+1);
data/minc-tools-2.3.00+dfsg/conversion/vff2mnc/vff2mnc.c:795:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
vattrs->y_bin = atoi(pch+1);
data/minc-tools-2.3.00+dfsg/conversion/vff2mnc/vff2mnc.c:798:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
vattrs->z_bin = atoi(pch+1);
data/minc-tools-2.3.00+dfsg/conversion/vff2mnc/vff2mnc.c:801:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
vattrs->bands = atoi(pch+1);
data/minc-tools-2.3.00+dfsg/conversion/vff2mnc/vff2mnc.c:819:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
switch(atoi(pch+1)) {
data/minc-tools-2.3.00+dfsg/conversion/vff2mnc/vff2mnc.c:834:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
vattrs->day = atoi(pch+7);
data/minc-tools-2.3.00+dfsg/conversion/vff2mnc/vff2mnc.c:836:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
vattrs->month = atoi(pch+5);
data/minc-tools-2.3.00+dfsg/conversion/vff2mnc/vff2mnc.c:838:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
vattrs->year = atoi(pch+1);
data/minc-tools-2.3.00+dfsg/conversion/vff2mnc/vff2mnc.c:895:40: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
read_3Dvff_file_image(mihandle_t hvol, char *filename,
data/minc-tools-2.3.00+dfsg/conversion/vff2mnc/vff2mnc.c:919:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(filename , "rb" );
data/minc-tools-2.3.00+dfsg/conversion/vff2mnc/vff2mnc.c:1110:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
inf = fopen(fullpath_pro,"r");
data/minc-tools-2.3.00+dfsg/conversion/vff2mnc/vff2mnc.c:1143:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
inf = fopen(fullpath_des,"r");
data/minc-tools-2.3.00+dfsg/conversion/vff2mnc/vff2mnc.c:1189:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
inf = fopen(fullpath_par,"r");
data/minc-tools-2.3.00+dfsg/conversion/vff2mnc/vff2mnc.c:1265:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char DirSpec[MAX_BUF_LINE + 1];
data/minc-tools-2.3.00+dfsg/conversion/vff2mnc/vff2mnc.c:1266:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dirname[MAX_BUF_LINE + 1];
data/minc-tools-2.3.00+dfsg/conversion/vff2mnc/vff2mnc.h:51:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef char string_t[511+1];
data/minc-tools-2.3.00+dfsg/progs/Proglib/minc_endian.c:12:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char b[sizeof(short)];
data/minc-tools-2.3.00+dfsg/progs/Proglib/vax_conversions.c:76:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void *) mach_value, vax_value, nvals*sizeof(short));
data/minc-tools-2.3.00+dfsg/progs/Proglib/vax_conversions.c:113:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void *) mach_value, vax_value, nvals*sizeof(long));
data/minc-tools-2.3.00+dfsg/progs/Proglib/vax_conversions.c:154:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void *) mach_value, vax_value, nvals*sizeof(float));
data/minc-tools-2.3.00+dfsg/progs/minc_modify_header/minc_modify_header.c:159:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[1024];
data/minc-tools-2.3.00+dfsg/progs/minc_modify_header/minc_modify_header.c:321:14: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp_value + attribute_length * nctypelen(new_type),
data/minc-tools-2.3.00+dfsg/progs/mincaverage/mincaverage.c:297:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char **infiles, *outfiles[3];
data/minc-tools-2.3.00+dfsg/progs/mincaverage/mincaverage.c:311:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dimname[MAX_NC_NAME];
data/minc-tools-2.3.00+dfsg/progs/mincblob/mincblob.c:103:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *in_axis_order[4] = { MIvector_dimension, MIzspace, MIyspace, MIxspace };
data/minc-tools-2.3.00+dfsg/progs/mincblob/mincblob.c:104:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *out_axis_order[3] = { MIzspace, MIyspace, MIxspace };
data/minc-tools-2.3.00+dfsg/progs/minccalc/gram.c:1259:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM];
data/minc-tools-2.3.00+dfsg/progs/minccalc/gram.c:1276:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char yyformat[sizeof yyunexpected
data/minc-tools-2.3.00+dfsg/progs/minccalc/gram.c:1466:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char yymsgbuf[128];
data/minc-tools-2.3.00+dfsg/progs/minccalc/minccalc.c:564:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp=fopen(filename, "r")) == NULL) {
data/minc-tools-2.3.00+dfsg/progs/mincconcat/mincconcat.c:700:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dimname[MAX_NC_NAME];
data/minc-tools-2.3.00+dfsg/progs/mincconcat/mincconcat.c:773:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dimname[MAX_NC_NAME], string[MI_MAX_ATTSTR_LEN];
data/minc-tools-2.3.00+dfsg/progs/mincconcat/mincconcat.c:980:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dimname[MAX_NC_NAME];
data/minc-tools-2.3.00+dfsg/progs/mincconcat/mincconcat.c:1241:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dimname[MAX_NC_NAME];
data/minc-tools-2.3.00+dfsg/progs/mincdump/dumplib.c:88:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void) sprintf(float_var_fmt, "%%.%dg", float_digits);
data/minc-tools-2.3.00+dfsg/progs/mincdump/dumplib.c:89:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void) sprintf(double_var_fmt, "%%.%dg", double_digits);
data/minc-tools-2.3.00+dfsg/progs/mincdump/dumplib.c:90:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void) sprintf(float_att_fmt, "%%#.%dgf", float_digits);
data/minc-tools-2.3.00+dfsg/progs/mincdump/dumplib.c:91:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void) sprintf(double_att_fmt, "%%#.%dg", double_digits);
data/minc-tools-2.3.00+dfsg/progs/mincdump/dumplib.c:105:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char cfmt[MAX_CFMT_LEN];
data/minc-tools-2.3.00+dfsg/progs/mincdump/mincdump.c:209:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char gps[30];
data/minc-tools-2.3.00+dfsg/progs/mincdump/mincdump.c:218:29: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
ch = ((const signed char *)vals)[len-1];
data/minc-tools-2.3.00+dfsg/progs/mincdump/mincdump.c:221:37: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
ch = ((const signed char *)vals)[iel];
data/minc-tools-2.3.00+dfsg/progs/mincdump/mincdump.c:239:26: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
sc = ((const signed char *) vals)[iel] & 0377;
data/minc-tools-2.3.00+dfsg/progs/mincdump/mincdump.c:268:22: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
sc = ((const signed char *) vals)[iel] & 0377;
data/minc-tools-2.3.00+dfsg/progs/mincdump/mincdump.h:23:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[NC_MAX_NAME];
data/minc-tools-2.3.00+dfsg/progs/mincdump/mincdump.h:28:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[NC_MAX_NAME];
data/minc-tools-2.3.00+dfsg/progs/mincdump/mincdump.h:39:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[NC_MAX_NAME];
data/minc-tools-2.3.00+dfsg/progs/mincdump/vardata.c:358:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sout[100]; /* temporary string for each encoded output */
data/minc-tools-2.3.00+dfsg/progs/mincdump/vardata.c:415:10: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
(void) strcat(sout, ", ");
data/minc-tools-2.3.00+dfsg/progs/mincdump/vardata.c:457:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sout[100]; /* temporary string for each encoded output */
data/minc-tools-2.3.00+dfsg/progs/mincdump/vardata.c:466:13: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
(void) strcat(sout, ", ");
data/minc-tools-2.3.00+dfsg/progs/mincdump/vardata.c:505:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sout[100]; /* temporary string for each encoded output */
data/minc-tools-2.3.00+dfsg/progs/mincdump/vardata.c:514:13: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
(void) strcat(sout, ", ");
data/minc-tools-2.3.00+dfsg/progs/mincdump/vardata.c:555:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sout[100]; /* temporary string for each encoded output */
data/minc-tools-2.3.00+dfsg/progs/mincdump/vardata.c:564:13: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
(void) strcat(sout, ", ");
data/minc-tools-2.3.00+dfsg/progs/mincdump/vardata.c:603:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sout[100]; /* temporary string for each encoded output */
data/minc-tools-2.3.00+dfsg/progs/mincdump/vardata.c:612:13: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
(void) strcat(sout, ", ");
data/minc-tools-2.3.00+dfsg/progs/mincdump/vardata.c:651:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sout[100]; /* temporary string for each encoded output */
data/minc-tools-2.3.00+dfsg/progs/mincdump/vardata.c:660:13: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
(void) strcat(sout, ", ");
data/minc-tools-2.3.00+dfsg/progs/mincexample/mincexample1.c:116:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dimension_names[NUMBER_OF_DIMENSIONS][MAX_NC_NAME];
data/minc-tools-2.3.00+dfsg/progs/mincexample/mincexample2.c:103:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dimension_names[NUMBER_OF_DIMENSIONS][MAX_NC_NAME];
data/minc-tools-2.3.00+dfsg/progs/mincexample/mincexample2.c:333:17: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
(void) strcpy(dimname, "unknown");
data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c:137:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void) sprintf(cp,"%d", (signed char) *(bytep+num));
data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c:143:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void) sprintf(cp,"%d",* (shortp + num));
data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c:149:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void) sprintf(cp,"%d",* (intp + num));
data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c:155:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void) sprintf(cp,"%.8g",* (floatp + num));
data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c:161:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void) sprintf(cp,"%.16g",* (doublep + num));
data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c:182:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stmnt[C_MAX_STMNT];
data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c:348:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
val_string = cstrstr((char *) atts[iatt].val, atts[iatt].len);
data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c:524:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stmnt[FORT_MAX_STMNT];
data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c:525:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s2[NC_MAX_NAME + 10];
data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c:728:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
val_string = fstrstr((char *) atts[iatt].val, atts[iatt].len);
data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c:975:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cp,"%d", schp[num]);
data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c:981:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void) sprintf(cp,"%d",* (shortp + num));
data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c:987:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void) sprintf(cp,"%d",* (intp + num));
data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c:993:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void) sprintf(cp,"%.8g",* (floatp + num));
data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c:999:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void) sprintf(cp,"%.16g",* (doublep + num));
data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c:1031:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sp,"\"\"");
data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c:1089:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *cp, tstr[12];
data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c:1106:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(ostr, "char(0)");
data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c:1130:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tstr, "char(%d)", (unsigned char)*istr);
data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c:1140:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(cp, "//'");
data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c:1163:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tstr, "//char(%d)", (unsigned char)*istr);
data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c:1252:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stmnt[FORT_MAX_STMNT];
data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c:1253:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s2[FORT_MAX_STMNT];
data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c:1269:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(stmnt, "call writerecs(ncid,");
data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c:1295:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(stmnt, "subroutine writerecs(ncid,");
data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c:1507:16: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
(void) strcat(filename,".mnc");
data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c:1805:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(sp, "_dash_");
data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c:1809:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(sp, "_dot_");
data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c:1813:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(sp, "_at_");
data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c:1817:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(sp, "_hash_");
data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c:1821:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(sp, "_lbr_");
data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c:1825:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(sp, "_rbr_");
data/minc-tools-2.3.00+dfsg/progs/mincgen/load.c:72:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stmnt[C_MAX_STMNT];
data/minc-tools-2.3.00+dfsg/progs/mincgen/load.c:74:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s2[C_MAX_STMNT];
data/minc-tools-2.3.00+dfsg/progs/mincgen/load.c:128:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s2, "%d, ", *charvalp++);
data/minc-tools-2.3.00+dfsg/progs/mincgen/load.c:131:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s2, "%d, ", *shortvalp++);
data/minc-tools-2.3.00+dfsg/progs/mincgen/load.c:134:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s2, "%ld, ", (long)*intvalp++);
data/minc-tools-2.3.00+dfsg/progs/mincgen/load.c:137:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s2, "%.8g, ", *floatvalp++);
data/minc-tools-2.3.00+dfsg/progs/mincgen/load.c:140:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s2, "%#.16g", *doublevalp++);
data/minc-tools-2.3.00+dfsg/progs/mincgen/load.c:142:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(s2, ", ");
data/minc-tools-2.3.00+dfsg/progs/mincgen/load.c:157:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s2, "%d", *charvalp);
data/minc-tools-2.3.00+dfsg/progs/mincgen/load.c:160:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s2, "%d", *shortvalp);
data/minc-tools-2.3.00+dfsg/progs/mincgen/load.c:163:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s2, "%ld", (long)*intvalp);
data/minc-tools-2.3.00+dfsg/progs/mincgen/load.c:166:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s2, "%.8g", *floatvalp);
data/minc-tools-2.3.00+dfsg/progs/mincgen/load.c:169:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s2, "%#.16g", *doublevalp++);
data/minc-tools-2.3.00+dfsg/progs/mincgen/load.c:184:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(stmnt,"};");
data/minc-tools-2.3.00+dfsg/progs/mincgen/load.c:242:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s2, "%d", *charvalp);
data/minc-tools-2.3.00+dfsg/progs/mincgen/load.c:246:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s2, "%d", *shortvalp);
data/minc-tools-2.3.00+dfsg/progs/mincgen/load.c:250:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s2, "%ld", (long)*intvalp);
data/minc-tools-2.3.00+dfsg/progs/mincgen/load.c:254:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s2, "%.8g", *floatvalp);
data/minc-tools-2.3.00+dfsg/progs/mincgen/load.c:258:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s2, "%#.16g", *doublevalp++);
data/minc-tools-2.3.00+dfsg/progs/mincgen/load.c:318:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stmnt[FORT_MAX_STMNT];
data/minc-tools-2.3.00+dfsg/progs/mincgen/load.c:320:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s2[FORT_MAX_STMNT];
data/minc-tools-2.3.00+dfsg/progs/mincgen/load.c:342:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s2, "%d, ", *shortvalp++);
data/minc-tools-2.3.00+dfsg/progs/mincgen/load.c:345:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s2, "%d", *shortvalp);
data/minc-tools-2.3.00+dfsg/progs/mincgen/load.c:351:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s2, "%ld, ", (long)*intvalp++);
data/minc-tools-2.3.00+dfsg/progs/mincgen/load.c:354:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s2, "%ld", (long)*intvalp);
data/minc-tools-2.3.00+dfsg/progs/mincgen/load.c:360:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s2, "%.8g, ", *floatvalp++);
data/minc-tools-2.3.00+dfsg/progs/mincgen/load.c:363:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s2, "%.8g", *floatvalp);
data/minc-tools-2.3.00+dfsg/progs/mincgen/load.c:369:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s2, "%#.16g", *doublevalp++);
data/minc-tools-2.3.00+dfsg/progs/mincgen/load.c:375:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s2, "%#.16g", *doublevalp++);
data/minc-tools-2.3.00+dfsg/progs/mincgen/load.c:404:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stmnt[FORT_MAX_STMNT];
data/minc-tools-2.3.00+dfsg/progs/mincgen/main.c:135:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(argv[0], "r")) == NULL) {
data/minc-tools-2.3.00+dfsg/progs/mincinfo/mincinfo.c:291:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_NC_NAME];
data/minc-tools-2.3.00+dfsg/progs/mincinfo/mincinfo.c:554:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *attname, varname[MAX_NC_NAME];
data/minc-tools-2.3.00+dfsg/progs/mincinfo/mincinfo.c:608:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_NC_NAME];
data/minc-tools-2.3.00+dfsg/progs/minclookup/minclookup.c:416:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[1000];
data/minc-tools-2.3.00+dfsg/progs/minclookup/minclookup.c:433:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(lookup_filename, "r");
data/minc-tools-2.3.00+dfsg/progs/mincmakescalar/mincmakescalar.c:513:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dimname[MAX_NC_NAME];
data/minc-tools-2.3.00+dfsg/progs/mincmakevector/mincmakevector.c:276:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dimname[MAX_NC_NAME];
data/minc-tools-2.3.00+dfsg/progs/mincmorph/kernel_io.c:77:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file = fopen(kernel_file, "r");
data/minc-tools-2.3.00+dfsg/progs/mincmorph/mincmorph.c:199:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ext_txt[256];
data/minc-tools-2.3.00+dfsg/progs/mincmorph/mincmorph.c:200:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_filename[MAXPATHLEN];
data/minc-tools-2.3.00+dfsg/progs/mincmorph/mincmorph.c:205:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *axis_order[VIO_MAX_DIMENSIONS] = { MIzspace, MIyspace, MIxspace, MItime, MIvector_dimension };
data/minc-tools-2.3.00+dfsg/progs/mincmorph/mincmorph.c:281:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ext_txt, "range: [%g:%g] fg/bg: [%g:%g]", op->range[0],
data/minc-tools-2.3.00+dfsg/progs/mincmorph/mincmorph.c:296:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ext_txt, "range: [%g:%g] fg/bg: [%g:%g]", op->range[0],
data/minc-tools-2.3.00+dfsg/progs/mincmorph/mincmorph.c:307:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ext_txt, "fill value: %g", op->background);
data/minc-tools-2.3.00+dfsg/progs/mincresample/mincresample.c:942:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char attstr[MI_MAX_ATTSTR_LEN];
data/minc-tools-2.3.00+dfsg/progs/mincresample/mincresample.c:943:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dimname[MAX_NC_NAME];
data/minc-tools-2.3.00+dfsg/progs/mincresample/mincresample.c:987:14: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
(void) strcpy(volume_def->units[idim], "mm");
data/minc-tools-2.3.00+dfsg/progs/mincresample/mincresample.c:1351:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dimname[MAX_NC_NAME];
data/minc-tools-2.3.00+dfsg/progs/mincresample/mincresample.c:1549:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void) sprintf(string, "transformation%d-filename", itrans);
data/minc-tools-2.3.00+dfsg/progs/mincresample/mincresample.c:1561:14: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void) sprintf(string, "transformation%d-filedata", itrans);
data/minc-tools-2.3.00+dfsg/progs/mincresample/mincresample.c:1565:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void) sprintf(string, "transformation%d-inverted", itrans);
data/minc-tools-2.3.00+dfsg/progs/mincresample/mincresample.c:1995:10: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
fp=tmpfile();
data/minc-tools-2.3.00+dfsg/progs/mincresample/mincresample.h:231:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char units[WORLD_NDIMS][MI_MAX_ATTSTR_LEN];
data/minc-tools-2.3.00+dfsg/progs/mincresample/mincresample.h:232:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char spacetype[WORLD_NDIMS][MI_MAX_ATTSTR_LEN];
data/minc-tools-2.3.00+dfsg/progs/mincresample/resample_volumes.c:486:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dimname[MAX_NC_NAME];
data/minc-tools-2.3.00+dfsg/progs/mincreshape/copy_data.c:787:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void) memcpy((char *)chunk_data + ipix*datatype_size,
data/minc-tools-2.3.00+dfsg/progs/mincreshape/mincreshape.c:216:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *axis_order[MAX_VAR_DIMS+1];
data/minc-tools-2.3.00+dfsg/progs/mincreshape/mincreshape.c:1010:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dimname[MAX_NC_NAME];
data/minc-tools-2.3.00+dfsg/progs/mincreshape/mincreshape.c:1085:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_NC_NAME];
data/minc-tools-2.3.00+dfsg/progs/mincreshape/mincreshape.c:1370:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dimname[MAX_NC_NAME];
data/minc-tools-2.3.00+dfsg/progs/mincreshape/mincreshape.c:1375:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char signtype[MI_MAX_ATTSTR_LEN];
data/minc-tools-2.3.00+dfsg/progs/mincreshape/mincreshape.c:1544:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dimname[MAX_NC_NAME];
data/minc-tools-2.3.00+dfsg/progs/mincreshape/mincreshape.c:1545:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char spacing[MAX_NC_NAME];
data/minc-tools-2.3.00+dfsg/progs/mincreshape/mincreshape.c:1652:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dimname[MAX_NC_NAME];
data/minc-tools-2.3.00+dfsg/progs/mincreshape/mincreshape.c:1653:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char varname[MAX_NC_NAME];
data/minc-tools-2.3.00+dfsg/progs/mincreshape/mincreshape.c:1694:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[MAX_NC_NAME];
data/minc-tools-2.3.00+dfsg/progs/mincreshape/mincreshape.h:106:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *name[MAX_VAR_DIMS];
data/minc-tools-2.3.00+dfsg/progs/mincreshape/mincreshape.h:112:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *name[MAX_VAR_DIMS];
data/minc-tools-2.3.00+dfsg/progs/mincsample/mincsample.c:158:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *outfiles[1];
data/minc-tools-2.3.00+dfsg/progs/mincsample/mincsample.c:240:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((md.outFP = fopen(out_fname, (append_output) ? "a" : "w")) == NULL){
data/minc-tools-2.3.00+dfsg/progs/mincsample/mincsample.c:538:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dimname[MAX_NC_NAME];
data/minc-tools-2.3.00+dfsg/progs/mincstats/mincstats.c:954:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FP = fopen(hist_file, "w");
data/minc-tools-2.3.00+dfsg/progs/mincstats/mincstats.c:1249:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[100];
data/minc-tools-2.3.00+dfsg/progs/mincstats/mincstats.c:1251:22: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void)sprintf(str, "PctT [%3d%%]: ", (int)(pctT * 100));
data/minc-tools-2.3.00+dfsg/progs/mincstats/mincstats.c:1460:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dimname[MAX_NC_NAME];
data/minc-tools-2.3.00+dfsg/progs/mincstats/mincstats.c:1526:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dimname[MAX_NC_NAME];
data/minc-tools-2.3.00+dfsg/progs/mincstats/mincstats.c:1628:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *spatial_codes[WORLD_NDIMS] = { "x", "y", "z" }; /* In x,y,z order */
data/minc-tools-2.3.00+dfsg/progs/mincview/invert_raw_image.c:47:12: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
xsize = atol(argv[1]);
data/minc-tools-2.3.00+dfsg/progs/mincview/invert_raw_image.c:48:12: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ysize = atol(argv[2]);
data/minc-tools-2.3.00+dfsg/progs/mincview/invert_raw_image.c:50:25: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
bytes_per_pixel = atol(argv[3]);
data/minc-tools-2.3.00+dfsg/progs/rawtominc/rawtominc.c:277:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char units[WORLD_NDIMS][MI_MAX_ATTSTR_LEN];
data/minc-tools-2.3.00+dfsg/progs/rawtominc/rawtominc.c:278:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char spacetype[WORLD_NDIMS][MI_MAX_ATTSTR_LEN];
data/minc-tools-2.3.00+dfsg/progs/rawtominc/rawtominc.c:327:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *dimname[MAX_VAR_DIMS];
data/minc-tools-2.3.00+dfsg/progs/rawtominc/rawtominc.c:371:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *axis_order[MAX_DIMS+1] = { MItime, MIzspace, MIyspace, MIxspace };
data/minc-tools-2.3.00+dfsg/progs/rawtominc/rawtominc.c:496:30: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{"-xdircos", ARGV_FLOAT, (char *) 3, (char *) dimdircos[X],
data/minc-tools-2.3.00+dfsg/progs/rawtominc/rawtominc.c:496:42: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{"-xdircos", ARGV_FLOAT, (char *) 3, (char *) dimdircos[X],
data/minc-tools-2.3.00+dfsg/progs/rawtominc/rawtominc.c:498:30: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{"-ydircos", ARGV_FLOAT, (char *) 3, (char *) dimdircos[Y],
data/minc-tools-2.3.00+dfsg/progs/rawtominc/rawtominc.c:498:42: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{"-ydircos", ARGV_FLOAT, (char *) 3, (char *) dimdircos[Y],
data/minc-tools-2.3.00+dfsg/progs/rawtominc/rawtominc.c:500:30: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{"-zdircos", ARGV_FLOAT, (char *) 3, (char *) dimdircos[Z],
data/minc-tools-2.3.00+dfsg/progs/rawtominc/rawtominc.c:500:42: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{"-zdircos", ARGV_FLOAT, (char *) 3, (char *) dimdircos[Z],
data/minc-tools-2.3.00+dfsg/progs/rawtominc/rawtominc.c:639:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
instream = fopen(inputfile, "r");
data/minc-tools-2.3.00+dfsg/progs/rawtominc/rawtominc.c:887:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[8192];
data/minc-tools-2.3.00+dfsg/progs/rawtominc/rawtominc.c:1507:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *orientation_names[STD_ORIENTATION_COUNT][MAX_DIMS] = {
data/minc-tools-2.3.00+dfsg/progs/rawtominc/rawtominc.c:1652:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char attstr[MI_MAX_ATTSTR_LEN];
data/minc-tools-2.3.00+dfsg/progs/rawtominc/rawtominc.c:1653:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dimname1[MAX_NC_NAME];
data/minc-tools-2.3.00+dfsg/progs/rawtominc/rawtominc.c:1697:14: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
(void) strcpy(volume_def->units[idim], "mm");
data/minc-tools-2.3.00+dfsg/progs/xfm/transformtags.c:96:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char comment_string[512];
data/minc-tools-2.3.00+dfsg/progs/xfm/xfm2def.c:80:30: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{"-xdircos", ARGV_FLOAT, (char *)3, (char *)dircos[0],
data/minc-tools-2.3.00+dfsg/progs/xfm/xfm2def.c:80:41: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{"-xdircos", ARGV_FLOAT, (char *)3, (char *)dircos[0],
data/minc-tools-2.3.00+dfsg/progs/xfm/xfm2def.c:82:30: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{"-ydircos", ARGV_FLOAT, (char *)3, (char *)dircos[1],
data/minc-tools-2.3.00+dfsg/progs/xfm/xfm2def.c:82:41: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{"-ydircos", ARGV_FLOAT, (char *)3, (char *)dircos[1],
data/minc-tools-2.3.00+dfsg/progs/xfm/xfm2def.c:84:30: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{"-zdircos", ARGV_FLOAT, (char *)3, (char *)dircos[2],
data/minc-tools-2.3.00+dfsg/progs/xfm/xfm2def.c:84:41: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{"-zdircos", ARGV_FLOAT, (char *)3, (char *)dircos[2],
data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/dicom_client_routines.c:1341:22: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
instance_uid = strncpy(uid_buffer, acr_create_uid(),
data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/dicom_network.c:257:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len1 = strlen(uid1);
data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/dicom_network.c:260:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len2 = strlen(uid2);
data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/dicom_network.c:302:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
offset = strlen(uid);
data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/dicom_network.c:306:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(void) sprintf(&uid[strlen(uid)], ".%08d", counter++);
data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/dicom_network.c:332:11: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void) strncpy(Implementation_class_uid, uid,
data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/dicom_network.c:1743:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uid_length = strlen(uid);
data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/dump_acr_nema.c:177:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(te_ptr->name, name, N_NAME);
data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/element.c:1280:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
data_length = strlen(value);
data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/element.c:1639:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
string_length = strlen(string);
data/minc-tools-2.3.00+dfsg/conversion/Acr_nema/file_io.c:923:10: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
val = getc(fp);
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/doc/make_hdr.c:103:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(hdr.dime.vox_units," ");
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/doc/make_hdr.c:107:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(hdr.dime.cal_units," ");
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/doc/show_hdr.c:50:8: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(string,hdr->dime.vox_units,4);
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/doc/show_hdr.c:53:8: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(string,hdr->dime.cal_units,8);
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/doc/show_hdr.c:73:1: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(string,hdr->hist.descrip,80);
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/doc/show_hdr.c:75:1: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(string,hdr->hist.aux_file,24);
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/doc/show_hdr.c:84:1: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(string,hdr->hist.generated,10);
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/doc/show_hdr.c:88:1: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(string,hdr->hist.scannum,10);
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/doc/show_hdr.c:91:1: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(string,hdr->hist.patient_id,10);
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/doc/show_hdr.c:94:1: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(string,hdr->hist.exp_date,10);
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/doc/show_hdr.c:97:1: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(string,hdr->hist.exp_time,10);
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/doc/show_hdr.c:100:1: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(string,hdr->hist.hist_un0,3);
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/analyze2minc.c:156:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(string,hdr->dime.vox_units,4);
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/analyze2minc.c:159:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(string,hdr->dime.cal_units,8);
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/analyze2minc.c:180:1: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(string,hdr->hist.descrip,80);
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/analyze2minc.c:182:1: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(string,hdr->hist.aux_file,24);
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/analyze2minc.c:186:1: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(string,hdr->hist.originator,10);
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/analyze2minc.c:189:1: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(string,hdr->hist.generated,10);
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/analyze2minc.c:193:1: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(string,hdr->hist.scannum,10);
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/analyze2minc.c:196:1: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(string,hdr->hist.patient_id,10);
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/analyze2minc.c:199:1: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(string,hdr->hist.exp_date,10);
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/analyze2minc.c:202:1: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(string,hdr->hist.exp_time,10);
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/analyze2minc.c:205:1: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(string,hdr->hist.hist_un0,10);
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/analyze2minc.c:308:1: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
sprintf(type_string,"");
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/analyze2minc.c:420:6: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
sprintf(string_a2,"");
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/minc2analyze.c:148:3: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
sprintf(type_string," ");
data/minc-tools-2.3.00+dfsg/conversion/ana2mnc/steve_smith_ana2mnc/minc2analyze.c:486:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(hdr.dime.cal_units," ");
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/dcm2mnc.c:308:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen(out_dir);
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/dcm2mnc.c:343:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen(argv[ifile + 1]);
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/dcm2mnc.c:350:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp_str = malloc(length + strlen(np->d_name) + 2);
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/dcm2mnc.c:395:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(linebuf) != 0) {
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/dcm2mnc.c:522:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(fname) > 32) {
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/dcm2mnc.c:523:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fname += strlen(fname) - 32;
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/dcm2mnc.c:1075:22: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int cc = getc(fp);
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/dicom_read.c:1934:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(out_str, acr_find_string(group_list, element_id, ""),
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/dicom_read.c:1955:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant character.
strncpy(gi_ptr->units, "", STRING_T_LEN);
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/dicom_read.c:1970:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(gi_ptr->patient.sex, MI_MALE, STRING_T_LEN);
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/dicom_read.c:1972:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(gi_ptr->patient.sex, MI_FEMALE, STRING_T_LEN);
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/dicom_read.c:1974:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(gi_ptr->patient.sex, MI_OTHER, STRING_T_LEN);
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/dicom_read.c:1976:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant character.
strncpy(gi_ptr->patient.sex, "", STRING_T_LEN);
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/dicom_read.c:1999:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen(gi_ptr->study.start_time);
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/dicom_read.c:2002:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(&gi_ptr->study.start_time[length],
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/dicom_read.c:2006:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(gi_ptr->study.modality, MI_MRI, STRING_T_LEN);
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/dicom_read.c:2008:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(gi_ptr->study.modality, MI_PET, STRING_T_LEN);
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/dicom_read.c:2063:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(gi_ptr->acq.slice_order, "ascending", STRING_T_LEN);
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/dicom_read.c:2065:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(gi_ptr->acq.slice_order, "descending", STRING_T_LEN);
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/dicom_read.c:2067:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(gi_ptr->acq.slice_order, "interleaved", STRING_T_LEN);
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/dicom_to_minc.c:811:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(name, (byte_ptr + byte_pos), 64);
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/dicom_to_minc.c:817:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(vr, (byte_ptr + byte_pos), 4);
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/dicom_to_minc.c:2374:9: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(value, "0");
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/minc_file.c:229:13: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(scan_label[imri], "");
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/minc_file.c:377:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(full_path) != 0) {
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/minc_file.c:381:13: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(full_path, "/");
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/minc_file.c:761:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(general_info->units) > 0)
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/minc_file.c:764:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(general_info->units) > 0)
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/minc_file.c:769:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(general_info->patient.name) > 0) {
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/minc_file.c:778:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(general_info->patient.identification) > 0)
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/minc_file.c:781:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(general_info->patient.birth_date) > 0)
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/minc_file.c:784:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(general_info->patient.age) > 0)
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/minc_file.c:787:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(general_info->patient.sex) > 0)
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/minc_file.c:793:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(general_info->patient.position) > 0)
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/minc_file.c:801:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(general_info->patient.reg_date) > 0)
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/minc_file.c:804:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(general_info->patient.reg_time) > 0)
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/minc_file.c:809:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(general_info->study.modality) > 0)
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/minc_file.c:812:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(general_info->study.manufacturer) > 0)
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/minc_file.c:815:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(general_info->study.model) > 0)
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/minc_file.c:821:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(general_info->study.software_version) > 0)
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/minc_file.c:824:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(general_info->study.serial_no) > 0)
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/minc_file.c:827:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(general_info->study.calibration_date) > 0)
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/minc_file.c:830:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(general_info->study.calibration_time) > 0)
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/minc_file.c:833:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(general_info->study.institution) > 0)
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/minc_file.c:836:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(general_info->study.station_id) > 0)
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/minc_file.c:839:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(general_info->study.referring_physician) > 0)
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/minc_file.c:843:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(general_info->study.performing_physician) > 0)
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/minc_file.c:846:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(general_info->study.operator) > 0)
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/minc_file.c:850:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(general_info->study.procedure) > 0)
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/minc_file.c:853:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(general_info->study.study_id) > 0)
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/minc_file.c:859:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(general_info->study.acquisition_id) > 0)
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/minc_file.c:862:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(general_info->study.start_time) > 0)
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/minc_file.c:866:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(general_info->acq.series_time) > 0)
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/minc_file.c:869:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(general_info->acq.acquisition_time) > 0) /*should use this instead of the Study time*/
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/minc_file.c:872:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(general_info->acq.image_time) > 0)
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/minc_file.c:876:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(general_info->acq.scan_seq) > 0)
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/minc_file.c:879:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(general_info->acq.series_description) > 0) /*add Series Description*/
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/minc_file.c:882:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(general_info->acq.protocol_name) > 0)
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/minc_file.c:885:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(general_info->acq.receive_coil) > 0)
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/minc_file.c:888:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(general_info->acq.transmit_coil) > 0)
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/minc_file.c:917:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(general_info->acq.slice_order) > 0) /* add slice ordering info*/
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/minc_file.c:943:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(general_info->acq.imaged_nucl) > 0)
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/minc_file.c:967:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(general_info->acq.phase_enc_dir) > 0)
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/minc_file.c:973:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(general_info->acq.mr_acq_type) > 0)
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/minc_file.c:976:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(general_info->acq.image_type) > 0)
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/minc_file.c:980:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(general_info->acq.comments) > 0)
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/minc_file.c:985:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(general_info->acq.MrProt) > 0)
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/minc_file.c:1021:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(general_info->image_type_string) > 0)
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/string_to_filename.c:95:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen(string);
data/minc-tools-2.3.00+dfsg/conversion/dcm2mnc/string_to_filename.c:134:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen(string);
data/minc-tools-2.3.00+dfsg/conversion/dicomserver/dicomserver.c:550:14: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void) strncpy(last_file_name, file_list[0], sizeof(last_file_name)-1);
data/minc-tools-2.3.00+dfsg/conversion/dicomserver/dicomserver.c:592:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((int) strlen(last_file_name) > 0) {
data/minc-tools-2.3.00+dfsg/conversion/dicomserver/minc_file.c:56:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define STRLEN(s) ((int) strlen(s))
data/minc-tools-2.3.00+dfsg/conversion/dicomserver/minc_file.c:118:20: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
(void) strcpy(scan_label[imri], "");
data/minc-tools-2.3.00+dfsg/conversion/dicomserver/project_file.c:101:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen(project_name);
data/minc-tools-2.3.00+dfsg/conversion/dicomserver/project_file.c:116:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
project_name_given = (strlen(project_string) > (size_t) 0);
data/minc-tools-2.3.00+dfsg/conversion/dicomserver/project_file.c:135:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
index = strlen(command_line) - 1;
data/minc-tools-2.3.00+dfsg/conversion/dicomserver/project_file.c:179:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
compare_length = strlen(OUTPUT_DEFAULT_FILE_PREFIX);
data/minc-tools-2.3.00+dfsg/conversion/dicomserver/project_file.c:187:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(dp->d_name) > (size_t) compare_length) &&
data/minc-tools-2.3.00+dfsg/conversion/dicomserver/project_file.c:197:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(name) + length + strlen(filler))
data/minc-tools-2.3.00+dfsg/conversion/dicomserver/project_file.c:197:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(name) + length + strlen(filler))
data/minc-tools-2.3.00+dfsg/conversion/dicomserver/project_file.c:200:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length += strlen(filler) + strlen(name);
data/minc-tools-2.3.00+dfsg/conversion/dicomserver/project_file.c:200:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length += strlen(filler) + strlen(name);
data/minc-tools-2.3.00+dfsg/conversion/dicomserver/reply.c:89:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len1 = strlen(uid1);
data/minc-tools-2.3.00+dfsg/conversion/dicomserver/reply.c:90:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len2 = strlen(uid2);
data/minc-tools-2.3.00+dfsg/conversion/dicomserver/save_transferred_object.c:96:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((element == NULL) || (strlen(patient_name) == 0))
data/minc-tools-2.3.00+dfsg/conversion/dicomserver/siemens_dicom_read.c:621:11: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant character.
(void) strncpy(general_info->units, "", maxlen);
data/minc-tools-2.3.00+dfsg/conversion/dicomserver/siemens_dicom_read.c:624:11: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void) strncpy(general_info->patient.name,
data/minc-tools-2.3.00+dfsg/conversion/dicomserver/siemens_dicom_read.c:626:11: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void) strncpy(general_info->patient.identification,
data/minc-tools-2.3.00+dfsg/conversion/dicomserver/siemens_dicom_read.c:628:11: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void) strncpy(general_info->patient.birth_date,
data/minc-tools-2.3.00+dfsg/conversion/dicomserver/siemens_dicom_read.c:632:14: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void) strncpy(general_info->patient.sex, MI_MALE, maxlen);
data/minc-tools-2.3.00+dfsg/conversion/dicomserver/siemens_dicom_read.c:634:14: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void) strncpy(general_info->patient.sex, MI_FEMALE, maxlen);
data/minc-tools-2.3.00+dfsg/conversion/dicomserver/siemens_dicom_read.c:636:14: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void) strncpy(general_info->patient.sex, MI_OTHER, maxlen);
data/minc-tools-2.3.00+dfsg/conversion/dicomserver/siemens_dicom_read.c:638:14: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant character.
(void) strncpy(general_info->patient.sex, "", maxlen);
data/minc-tools-2.3.00+dfsg/conversion/dicomserver/siemens_dicom_read.c:643:11: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void) strncpy(general_info->study.start_time,
data/minc-tools-2.3.00+dfsg/conversion/dicomserver/siemens_dicom_read.c:645:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen(general_info->study.start_time);
data/minc-tools-2.3.00+dfsg/conversion/dicomserver/siemens_dicom_read.c:648:11: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void) strncpy(&general_info->study.start_time[length],
data/minc-tools-2.3.00+dfsg/conversion/dicomserver/siemens_dicom_read.c:652:14: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void) strncpy(general_info->study.modality, MI_MRI, maxlen);
data/minc-tools-2.3.00+dfsg/conversion/dicomserver/siemens_dicom_read.c:653:11: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void) strncpy(general_info->study.manufacturer,
data/minc-tools-2.3.00+dfsg/conversion/dicomserver/siemens_dicom_read.c:655:11: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void) strncpy(general_info->study.model,
data/minc-tools-2.3.00+dfsg/conversion/dicomserver/siemens_dicom_read.c:657:11: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void) strncpy(general_info->study.institution,
data/minc-tools-2.3.00+dfsg/conversion/dicomserver/siemens_dicom_read.c:659:11: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void) strncpy(general_info->study.station_id,
data/minc-tools-2.3.00+dfsg/conversion/dicomserver/siemens_dicom_read.c:661:11: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void) strncpy(general_info->study.ref_physician,
data/minc-tools-2.3.00+dfsg/conversion/dicomserver/siemens_dicom_read.c:663:11: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void) strncpy(general_info->study.procedure,
data/minc-tools-2.3.00+dfsg/conversion/dicomserver/siemens_dicom_read.c:671:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ptr = string + strlen(string) - 1;
data/minc-tools-2.3.00+dfsg/conversion/dicomserver/siemens_dicom_read.c:674:11: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void) strncpy(general_info->acq.scan_seq, string, maxlen);
data/minc-tools-2.3.00+dfsg/conversion/dicomserver/siemens_dicom_read.c:700:11: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void) strncpy(general_info->acq.imaged_nucl,
data/minc-tools-2.3.00+dfsg/conversion/dicomserver/siemens_dicom_read.c:702:11: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant character.
(void) strncpy(general_info->acq.comments, "", maxlen);
data/minc-tools-2.3.00+dfsg/conversion/dicomserver/string_to_filename.c:65:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen(string);
data/minc-tools-2.3.00+dfsg/conversion/dicomserver/use_the_files.c:166:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(command_line) > (size_t) 0) {
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dcm2mnc.c:246:10: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
(void) strcat(OutDir, "/"); // make sure path ends with slash
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dcm2mnc.c:311:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((element == NULL) || (strlen(model_name) == 0))
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dcm2mnc.c:381:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((element == NULL) || (strlen(patient_name) == 0))
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dcm2mnc.c:385:8: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(out_dir, "_");
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dcm2mnc.c:392:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((element == NULL) || (strlen(patient_id) == 0))
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dcm2mnc.c:396:8: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(out_dir, "_");
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dcm2mnc.c:403:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((element == NULL) || (strlen(reg_date) == 0))
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dcm2mnc.c:407:8: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(out_dir, "_");
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dcm2mnc.c:414:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((element == NULL) || (strlen(reg_time) == 0))
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dcm2mnc.c:422:8: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(temp_name," ");
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dcm2mnc.c:426:8: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(temp_name," ");
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dcm2mnc.c:428:8: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(temp_name," ");
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dcm2mnc.c:430:8: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(temp_name, " ");
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dcm2mnc.c:666:14: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void) strncpy(last_file_name,acq_file_list[0],sizeof(last_file_name)-1);
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dcm2mnc2.c:215:10: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
(void) strcat(OutDir, "/"); // make sure path ends with slash
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dcm2mnc2.c:550:14: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void) strncpy(last_file_name,acq_file_list[0],sizeof(last_file_name)-1);
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dicomreader.c:142:15: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
(void) strcat(OutDir, "/"); /* make sure path ends with slash */
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dicomreader.c:432:14: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void) strncpy(last_file_name,acq_file_list[0],sizeof(last_file_name)-1);
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dicomserver-nondebug.c:228:16: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
(void) strcat(OutDir, "/"); /* make sure path ends with slash */
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dicomserver-nondebug.c:337:12: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
(void) strcat(file_prefix, "/");
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dicomserver-nondebug.c:766:14: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void) strncpy(last_file_name, file_list[0], sizeof(last_file_name)-1);
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dicomserver-nondebug.c:810:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((int) strlen(last_file_name) > 0) {
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dicomserver-nondebug2.c:241:16: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
(void) strcat(OutDir, "/"); /* make sure path ends with slash */
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dicomserver-nondebug2.c:714:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((element == NULL) || (strlen(model_name) == 0))
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dicomserver-nondebug2.c:772:11: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(out_dir, "_");
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dicomserver-nondebug2.c:774:11: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(out_dir, "_");
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dicomserver-nondebug2.c:776:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((element == NULL) || (strlen(patient_name) == 0))
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dicomserver-nondebug2.c:785:11: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(out_dir, "_");
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dicomserver-nondebug2.c:787:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((element == NULL) || (strlen(patient_id) == 0))
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dicomserver-nondebug2.c:796:11: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(out_dir, "_");
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dicomserver-nondebug2.c:798:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((element == NULL) || (strlen(reg_date) == 0))
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dicomserver-nondebug2.c:808:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((element == NULL) || (strlen(reg_time) == 0))
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dicomserver-nondebug2.c:820:8: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(temp_name," ");
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dicomserver-nondebug2.c:823:8: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(temp_name," ");
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dicomserver-nondebug2.c:825:8: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(temp_name, " ");
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dicomserver-nondebug2.c:827:8: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(temp_name, " ");
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dicomserver-nondebug2.c:920:14: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void) strncpy(last_file_name, file_list[0], sizeof(last_file_name)-1);
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/dicomserver-nondebug2.c:964:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((int) strlen(last_file_name) > 0) {
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/minc_file.c:104:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define STRLEN(s) ((int) strlen(s))
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/minc_file.c:218:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(reg_time, temp_str, 6);
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/minc_file.c:232:20: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
(void) strcpy(scan_label[imri], "");
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/parse_dicom_groups.c:119:11: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void) strncpy(data_info->sequence_name,
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/parse_dicom_groups.c:121:11: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void) strncpy(data_info->protocol_name,
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/progress.c:18:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(message) > 20) {
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/project_file.c:106:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen(project_name);
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/project_file.c:121:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
project_name_given = (strlen(project_string) > (size_t) 0);
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/project_file.c:140:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
index = strlen(command_line) - 1;
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/project_file.c:184:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
compare_length = strlen(OUTPUT_DEFAULT_FILE_PREFIX);
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/project_file.c:192:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(dp->d_name) > (size_t) compare_length) &&
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/project_file.c:202:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(name) + length + strlen(filler))
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/project_file.c:202:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(name) + length + strlen(filler))
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/project_file.c:205:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length += strlen(filler) + strlen(name);
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/project_file.c:205:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length += strlen(filler) + strlen(name);
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/reply.c:96:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len1 = strlen(uid1);
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/reply.c:97:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len2 = strlen(uid2);
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/save_transferred_object.c:130:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((element == NULL) || (strlen(patient_name) == 0))
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_dicom_read.c:876:11: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant character.
(void) strncpy(general_info->units, "", maxlen);
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_dicom_read.c:879:11: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void) strncpy(general_info->patient.name,
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_dicom_read.c:881:11: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void) strncpy(general_info->patient.identification,
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_dicom_read.c:883:11: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void) strncpy(general_info->patient.birth_date,
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_dicom_read.c:885:11: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void) strncpy(general_info->patient.age,
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_dicom_read.c:889:14: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void) strncpy(general_info->patient.sex, MI_MALE, maxlen);
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_dicom_read.c:891:14: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void) strncpy(general_info->patient.sex, MI_FEMALE, maxlen);
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_dicom_read.c:893:14: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void) strncpy(general_info->patient.sex, MI_OTHER, maxlen);
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_dicom_read.c:895:14: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant character.
(void) strncpy(general_info->patient.sex, "", maxlen);
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_dicom_read.c:899:11: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void) strncpy(general_info->patient.reg_date,
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_dicom_read.c:901:11: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void) strncpy(general_info->patient.reg_time,
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_dicom_read.c:905:11: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void) strncpy(general_info->study.start_time,
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_dicom_read.c:907:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen(general_info->study.start_time);
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_dicom_read.c:910:11: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void) strncpy(&general_info->study.start_time[length],
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_dicom_read.c:914:14: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void) strncpy(general_info->study.modality, MI_MRI, maxlen);
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_dicom_read.c:915:11: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void) strncpy(general_info->study.manufacturer,
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_dicom_read.c:917:11: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void) strncpy(general_info->study.model,
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_dicom_read.c:921:11: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void) strncpy(general_info->study.software_version,
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_dicom_read.c:923:11: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void) strncpy(general_info->study.serial_no,
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_dicom_read.c:925:11: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void) strncpy(general_info->study.calibration_date,
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_dicom_read.c:927:11: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void) strncpy(general_info->study.institution,
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_dicom_read.c:929:11: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void) strncpy(general_info->study.station_id,
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_dicom_read.c:931:11: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void) strncpy(general_info->study.referring_physician,
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_dicom_read.c:933:11: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void) strncpy(general_info->study.performing_physician,
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_dicom_read.c:935:11: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void) strncpy(general_info->study.operator,
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_dicom_read.c:937:11: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void) strncpy(general_info->study.procedure,
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_dicom_read.c:959:11: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void) strncpy(general_info->acq.scan_seq,
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_dicom_read.c:961:11: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void) strncpy(general_info->acq.seq_owner,
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_dicom_read.c:963:11: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void) strncpy(general_info->acq.seq_descr,
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_dicom_read.c:965:11: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void) strncpy(general_info->acq.protocol_name,
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_dicom_read.c:967:11: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void) strncpy(general_info->acq.receive_coil,
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_dicom_read.c:969:11: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void) strncpy(general_info->acq.transmit_coil,
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_dicom_read.c:1018:11: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void) strncpy(general_info->acq.imaged_nucl,
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_dicom_read.c:1051:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(general_info->acq.mr_acq_type,
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_dicom_read.c:1053:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(general_info->acq.image_type,
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_dicom_read.c:1056:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(general_info->acq.phase_enc_dir,
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_dicom_read.c:1058:11: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant character.
(void) strncpy(general_info->acq.comments, "", maxlen);
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_dicom_read.c:1065:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MALLOC(strlen(acr_find_string(group_list, EXT_MrProt_dump, "")) *
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_dicom_read.c:1071:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MALLOC(strlen("disabled")*sizeof(char));
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_dicom_send.c:346:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(file_list[ifile]);
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_dicom_send.c:351:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(directory_list[idir]);
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_dicom_send.c:876:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (ptr = &info->match_string[strlen(info->match_string)];
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_dicom_send.c:893:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (ptr = &protocol[strlen(protocol)-1]; ptr != protocol; ptr--) {
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_dicom_send.c:902:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nchars_to_match = strlen(info->match_string);
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_dicom_send.c:903:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
protolen = strlen(ptr);
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_dicom_to_minc.c:949:5: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
sprintf(FieldValue,"0");
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_dicom_to_minc.c:955:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (ix2 = 0; ix2 < strlen(FieldValue); ix2++) {
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_transformation.h:632:24: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(Header->G51.Txt.SliceOrientationNo1, (ClassLabel), (int) 3); \
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_transformation.h:636:20: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(&(Header->G51.Txt.SliceOrientationNo1[4]), (No1Label), (int) 3); \
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/siemens_include/ds_transformation.h:641:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(&(Header->G51.Txt.SliceOrientationNo2[4]), (No2Label), (int) 3); \
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/string_to_filename.c:81:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen(string);
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/string_to_filename.c:120:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen(string);
data/minc-tools-2.3.00+dfsg/conversion/dicomserver_sonata/use_the_files.c:259:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(command_line) > (size_t) 0) {
data/minc-tools-2.3.00+dfsg/conversion/ecattominc/dump_ecat_header.c:83:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((fieldname != NULL) && (strlen(fieldname) == 0))
data/minc-tools-2.3.00+dfsg/conversion/ecattominc/ecat_file.c:208:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(MAGIC_STRING)) == 0) {
data/minc-tools-2.3.00+dfsg/conversion/ecattominc/ecattominc.c:688:17: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
(void) strcpy(fip->image_type, "");
data/minc-tools-2.3.00+dfsg/conversion/ecattominc/ecattominc.c:819:20: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
(void) strcpy(general_info->img_units, "");
data/minc-tools-2.3.00+dfsg/conversion/ecattominc/ecattominc.c:910:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((int) strlen(fip->isotope) > 0) {
data/minc-tools-2.3.00+dfsg/conversion/ecattominc/ecattominc.c:1004:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen(svalue);
data/minc-tools-2.3.00+dfsg/conversion/ecattominc/ecattominc.c:1007:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
newlength = length + strlen(svalue) + 1;
data/minc-tools-2.3.00+dfsg/conversion/ecattominc/ecattominc.c:1317:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((int) strlen(general_info->patient_birthdate) > 0)
data/minc-tools-2.3.00+dfsg/conversion/ecattominc/ecattominc.c:1344:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((int) strlen(frame_info[0].isotope) > 0) {
data/minc-tools-2.3.00+dfsg/conversion/ecattominc/ecattominc.c:1352:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((int) strlen(general_info->tracer) > 0) {
data/minc-tools-2.3.00+dfsg/conversion/ecattominc/ecattominc.c:1356:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((int) strlen(general_info->injection_time) > 0) {
data/minc-tools-2.3.00+dfsg/conversion/image_filters/skipdata.c:40:53: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
for (i=0; (i < bytes_to_copy) && ((the_byte = getchar()) != EOF); i++) {
data/minc-tools-2.3.00+dfsg/conversion/image_filters/skipdata.c:43:53: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
for (i=0; (i < bytes_to_skip) && ((the_byte = getchar()) != EOF); i++) {}
data/minc-tools-2.3.00+dfsg/conversion/micropet/upet2mnc.c:583:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
line_buf, NC_CHAR, strlen(val_ptr), val_ptr);
data/minc-tools-2.3.00+dfsg/conversion/minctoecat/ecat_write.c:71:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mptr->fname = (char *) malloc(strlen(fname) + 1);
data/minc-tools-2.3.00+dfsg/conversion/minctoecat/machine_indep.c:271:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(&buf[*i], s, len);
data/minc-tools-2.3.00+dfsg/conversion/minctoecat/machine_indep.c:343:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(s, &buf[*i], len);
data/minc-tools-2.3.00+dfsg/conversion/mri_to_minc/ge_uncompress.c:37:25: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((first_byte = getc(fpin)) != EOF) {
data/minc-tools-2.3.00+dfsg/conversion/mri_to_minc/ge_uncompress.c:50:24: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
second_byte = getc(fpin);
data/minc-tools-2.3.00+dfsg/conversion/mri_to_minc/ge_uncompress.c:61:30: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
conv.b[Second] = getc(fpin);
data/minc-tools-2.3.00+dfsg/conversion/nifti1/mnc2nii.c:395:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nii_ptr->fname = malloc(strlen(out_str) + 4 + 1);
data/minc-tools-2.3.00+dfsg/conversion/nifti1/mnc2nii.c:396:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nii_ptr->iname = malloc(strlen(out_str) + 4 + 1);
data/minc-tools-2.3.00+dfsg/conversion/nifti1/nifti1_test.c:62:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ll = strlen(argv[iarg]) ;
data/minc-tools-2.3.00+dfsg/conversion/nifti1/nii2mnc.c:567:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(nii_ptr->descrip) > 0 && strlen(nii_ptr->descrip) < 79 ) {
data/minc-tools-2.3.00+dfsg/conversion/nifti1/nii2mnc.c:567:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(nii_ptr->descrip) > 0 && strlen(nii_ptr->descrip) < 79 ) {
data/minc-tools-2.3.00+dfsg/conversion/scxtominc/scxtominc.c:638:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(isotope_list[i].name))==0)
data/minc-tools-2.3.00+dfsg/conversion/scxtominc/scxtominc.c:742:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(SCX_MNI_GENERIC_RECONSTRUCTION_CODE)) == 0);
data/minc-tools-2.3.00+dfsg/conversion/scxtominc/scxtominc.c:785:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length += strlen(svalue);
data/minc-tools-2.3.00+dfsg/conversion/vff2mnc/vff2mnc.c:159:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen(out_dir);
data/minc-tools-2.3.00+dfsg/conversion/vff2mnc/vff2mnc.c:202:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen(argv[ifile + 1]);
data/minc-tools-2.3.00+dfsg/conversion/vff2mnc/vff2mnc.c:211:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp_str = malloc(length + strlen(np->d_name) + 2);
data/minc-tools-2.3.00+dfsg/conversion/vff2mnc/vff2mnc.c:387:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
r = miadd_history_attr(hvol,strlen(G.minc_history), G.minc_history);
data/minc-tools-2.3.00+dfsg/conversion/vff2mnc/vff2mnc.c:547:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(temp, linebuf, pch-linebuf);
data/minc-tools-2.3.00+dfsg/conversion/vff2mnc/vff2mnc.c:558:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pch = (char*) memchr (pch+1, ' ', strlen(linebuf));
data/minc-tools-2.3.00+dfsg/conversion/vff2mnc/vff2mnc.c:566:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pch = (char*) memchr (pch+1, ' ', strlen(linebuf));
data/minc-tools-2.3.00+dfsg/conversion/vff2mnc/vff2mnc.c:571:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pch = (char*) memchr (pch+1, ' ', strlen(linebuf));
data/minc-tools-2.3.00+dfsg/conversion/vff2mnc/vff2mnc.c:775:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(temp, linebuf, pch-linebuf);
data/minc-tools-2.3.00+dfsg/conversion/vff2mnc/vff2mnc.c:783:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pch = (char*) memchr (pch+1, ' ', strlen(linebuf));
data/minc-tools-2.3.00+dfsg/conversion/vff2mnc/vff2mnc.c:790:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pch = (char*) memchr (pch+1, ' ', strlen(linebuf));
data/minc-tools-2.3.00+dfsg/conversion/vff2mnc/vff2mnc.c:855:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pch = (char*) memchr (pch+1, ' ', strlen(linebuf));
data/minc-tools-2.3.00+dfsg/conversion/vff2mnc/vff2mnc.c:1129:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
"protocol", strlen(buffer) ,buffer);
data/minc-tools-2.3.00+dfsg/conversion/vff2mnc/vff2mnc.c:1166:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
"full_name",strlen(str[0]) , str[0]);
data/minc-tools-2.3.00+dfsg/conversion/vff2mnc/vff2mnc.c:1172:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
"study_id",strlen(str[1]) , str[1]);
data/minc-tools-2.3.00+dfsg/conversion/vff2mnc/vff2mnc.c:1208:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
"scan_parameters",strlen(buffer) ,buffer);
data/minc-tools-2.3.00+dfsg/conversion/vff2mnc/vff2mnc.c:1269:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(DirSpec, G.dirname, MAX_BUF_LINE);
data/minc-tools-2.3.00+dfsg/conversion/vff2mnc/vff2mnc.c:1271:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
strncat(DirSpec, "\\*", 3);
data/minc-tools-2.3.00+dfsg/conversion/vff2mnc/vff2mnc.c:1273:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dirname, G.dirname, MAX_BUF_LINE);
data/minc-tools-2.3.00+dfsg/conversion/vff2mnc/vff2mnc.c:1275:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (G.dirname[strlen(G.dirname)-1] != '/') {
data/minc-tools-2.3.00+dfsg/conversion/vff2mnc/vff2mnc.c:1276:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(dirname,"/");
data/minc-tools-2.3.00+dfsg/progs/minc_modify_header/minc_modify_header.c:185:11: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void) strncpy(string, filename, sizeof(string)-1);
data/minc-tools-2.3.00+dfsg/progs/minc_modify_header/minc_modify_header.c:188:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tempfile += strlen(MINC_EXTENSION);
data/minc-tools-2.3.00+dfsg/progs/minc_modify_header/minc_modify_header.c:253:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(variable_name) == 0) {
data/minc-tools-2.3.00+dfsg/progs/minc_modify_header/minc_modify_header.c:281:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
new_length = strlen(attribute_list[iatt].value)+1;
data/minc-tools-2.3.00+dfsg/progs/mincaverage/mincaverage.c:447:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlength = MAX_NC_NAME - strlen(WIDTH_SUFFIX) - 1;
data/minc-tools-2.3.00+dfsg/progs/mincaverage/mincaverage.c:448:14: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void) strncpy(dimname, averaging_dimension, strlength);
data/minc-tools-2.3.00+dfsg/progs/mincaverage/mincaverage.c:1027:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
end = nextarg + strlen(nextarg);
data/minc-tools-2.3.00+dfsg/progs/minccalc/gram.c:1140:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
# define yystrlen strlen
data/minc-tools-2.3.00+dfsg/progs/minccalc/lex.c:643:14: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
(c = getc( yyin )) != EOF && c != '\n'; ++n ) \
data/minc-tools-2.3.00+dfsg/progs/minccalc/lex.c:1781:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return yy_scan_bytes(yystr,strlen(yystr) );
data/minc-tools-2.3.00+dfsg/progs/minccalc/minccalc.c:582:17: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((ch = getc(fp)) != EOF) {
data/minc-tools-2.3.00+dfsg/progs/mincconcat/mincconcat.c:626:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
end = nextarg + strlen(nextarg);
data/minc-tools-2.3.00+dfsg/progs/mincconcat/mincconcat.c:1449:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
att_length += strlen(arg_string) + 1;
data/minc-tools-2.3.00+dfsg/progs/mincdump/dumplib.c:73:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t nn = strlen(cp);
data/minc-tools-2.3.00+dfsg/progs/mincdump/dumplib.c:78:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
linep = (int)strlen(LINEPIND);
data/minc-tools-2.3.00+dfsg/progs/mincdump/mincdump.c:71:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
new = (char *) malloc((unsigned) (strlen(cp)+1));
data/minc-tools-2.3.00+dfsg/progs/mincdump/mincdump.c:593:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*cpp = (char *) malloc(strlen(cp) + 1);
data/minc-tools-2.3.00+dfsg/progs/mincdump/mincdump.c:617:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (optarg != 0 && (int) strlen(optarg) > 0 && optarg[0] != ',')
data/minc-tools-2.3.00+dfsg/progs/mincdump/mincdump.c:648:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (optarg != 0 && (int) strlen(optarg) > 0 && optarg[0] != ',') {
data/minc-tools-2.3.00+dfsg/progs/mincdump/vardata.c:748:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
set_indent ((int)strlen(vp->name) + 4);
data/minc-tools-2.3.00+dfsg/progs/mincexample/mincexample1.c:587:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
att_length += strlen(arg_string) + 1;
data/minc-tools-2.3.00+dfsg/progs/mincexample/mincexample2.c:672:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
att_length += strlen(arg_string) + 1;
data/minc-tools-2.3.00+dfsg/progs/mincextract/mincextract.c:482:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
end = nextArg + strlen(nextArg);
data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c:641:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(stmnt, ")");
data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c:794:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = (int) strlen(stmnt);
data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c:1105:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ostr = (char*) emalloc(strlen("char(0)") + 1);
data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c:1132:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cp += strlen(tstr);
data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c:1165:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cp += strlen(tstr);
data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c:1283:9: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(stmnt, ")");
data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c:1307:9: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(stmnt, ")");
data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c:1409:7: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(stmnt, ")");
data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c:1505:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
filename = (char *) emalloc(strlen(netcdfname) + 5);
data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c:1777:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
count += strlen("_dash_") - 1;
data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c:1780:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
count += strlen("_dot_") - 1;
data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c:1783:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
count += strlen("_at_") - 1;
data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c:1786:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
count += strlen("_hash_") - 1;
data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c:1789:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
count += strlen("_lbr_") - 1;
data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c:1792:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
count += strlen("_rbr_") - 1;
data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c:1799:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
newname = (char *) ecalloc(strlen(name) + count + 1);
data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c:1806:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sp += strlen("_dash_");
data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c:1810:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sp += strlen("_dot_");
data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c:1814:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sp += strlen("_at_");
data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c:1818:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sp += strlen("_hash_");
data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c:1822:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sp += strlen("_lbr_");
data/minc-tools-2.3.00+dfsg/progs/mincgen/genlib.c:1826:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sp += strlen("_rbr_");
data/minc-tools-2.3.00+dfsg/progs/mincgen/load.c:99:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
stmnt_len = strlen(stmnt);
data/minc-tools-2.3.00+dfsg/progs/mincgen/load.c:104:6: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(stmnt, s2, C_MAX_STMNT - strlen(stmnt) );
data/minc-tools-2.3.00+dfsg/progs/mincgen/load.c:104:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(stmnt, s2, C_MAX_STMNT - strlen(stmnt) );
data/minc-tools-2.3.00+dfsg/progs/mincgen/load.c:145:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
stmnt_len += strlen(s2);
data/minc-tools-2.3.00+dfsg/progs/mincgen/load.c:151:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
stmnt_len = strlen(stmnt);
data/minc-tools-2.3.00+dfsg/progs/mincgen/load.c:173:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
stmnt_len += strlen(s2);
data/minc-tools-2.3.00+dfsg/progs/mincgen/load.c:179:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
stmnt_len = strlen(stmnt);
data/minc-tools-2.3.00+dfsg/progs/mincgen/load.c:236:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
val_string[strlen(val_string)-1] = '\0';
data/minc-tools-2.3.00+dfsg/progs/mincgen/load.c:262:2: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(stmnt, s2, C_MAX_STMNT - strlen(stmnt) );
data/minc-tools-2.3.00+dfsg/progs/mincgen/load.c:262:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(stmnt, s2, C_MAX_STMNT - strlen(stmnt) );
data/minc-tools-2.3.00+dfsg/progs/mincgen/load.c:263:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(stmnt,";");
data/minc-tools-2.3.00+dfsg/progs/mincgen/load.c:291:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*slenp += strlen(t);
data/minc-tools-2.3.00+dfsg/progs/mincgen/load.c:296:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*slenp = strlen(s);
data/minc-tools-2.3.00+dfsg/progs/mincgen/load.c:325:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
stmnt_len = strlen(stmnt);
data/minc-tools-2.3.00+dfsg/progs/mincgen/load.c:389:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *dup_stmnt = emalloc(strlen(stmnt)+1);
data/minc-tools-2.3.00+dfsg/progs/mincinfo/mincinfo.c:579:11: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void) strncpy(name, attname, MAX_NC_NAME-1);
data/minc-tools-2.3.00+dfsg/progs/minclookup/minclookup.c:658:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
end = string + strlen(string);
data/minc-tools-2.3.00+dfsg/progs/mincmakescalar/mincmakescalar.c:443:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
end = nextarg + strlen(nextarg);
data/minc-tools-2.3.00+dfsg/progs/mincmorph/mincmorph.c:260:7: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(ext_txt, "");
data/minc-tools-2.3.00+dfsg/progs/mincmorph/mincmorph.c:691:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(malloc_string, string, offset);
data/minc-tools-2.3.00+dfsg/progs/mincresample/mincresample.c:1155:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(args_volume_def->units[idim]) == 0)
data/minc-tools-2.3.00+dfsg/progs/mincresample/mincresample.c:1158:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(args_volume_def->spacetype[idim]) == 0)
data/minc-tools-2.3.00+dfsg/progs/mincresample/mincresample.c:1397:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
att_length += strlen(tm_stamp) + 1;
data/minc-tools-2.3.00+dfsg/progs/mincresample/mincresample.c:2000:18: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((ch=getc(stdin))!=EOF) (void) putc(ch, fp);
data/minc-tools-2.3.00+dfsg/progs/mincresample/mincresample.c:2018:24: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
for (index = 0; (ch=getc(fp)) != EOF; index++) {
data/minc-tools-2.3.00+dfsg/progs/mincresample/mincresample.c:2177:14: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void) strncpy(volume_def->spacetype[idim], spacetype,
data/minc-tools-2.3.00+dfsg/progs/mincresample/mincresample.c:2222:14: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void) strncpy(volume_def->units[idim], units, MI_MAX_ATTSTR_LEN);
data/minc-tools-2.3.00+dfsg/progs/mincreshape/mincreshape.c:851:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
end = nextArg + strlen(nextArg);
data/minc-tools-2.3.00+dfsg/progs/mincreshape/mincreshape.c:1410:14: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
(void) strncat(dimname, DIM_WIDTH_SUFFIX,
data/minc-tools-2.3.00+dfsg/progs/mincreshape/mincreshape.c:1411:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sizeof(dimname)-strlen(dimname)-1);
data/minc-tools-2.3.00+dfsg/progs/mincreshape/mincreshape.c:1489:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
att_length += strlen(history) + 1;
data/minc-tools-2.3.00+dfsg/progs/mincreshape/mincreshape.c:1614:11: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
(void) strncat(dimname, DIM_WIDTH_SUFFIX,
data/minc-tools-2.3.00+dfsg/progs/mincreshape/mincreshape.c:1615:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sizeof(dimname)-strlen(dimname)-1);
data/minc-tools-2.3.00+dfsg/progs/mincreshape/mincreshape.c:1664:11: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
(void) strncat(varname, DIM_WIDTH_SUFFIX,
data/minc-tools-2.3.00+dfsg/progs/mincreshape/mincreshape.c:1665:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sizeof(varname)-strlen(varname)-1);
data/minc-tools-2.3.00+dfsg/progs/mincreshape/mincreshape.c:1708:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
index = strlen(varname) - strlen(DIM_WIDTH_SUFFIX);
data/minc-tools-2.3.00+dfsg/progs/mincreshape/mincreshape.c:1708:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
index = strlen(varname) - strlen(DIM_WIDTH_SUFFIX);
data/minc-tools-2.3.00+dfsg/progs/mincstats/mincstats.c:1725:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
end = nextarg + strlen(nextarg);
data/minc-tools-2.3.00+dfsg/progs/rawtominc/rawtominc.c:793:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(attribute_list[iatt].variable) == 0) {
data/minc-tools-2.3.00+dfsg/progs/rawtominc/rawtominc.c:1417:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
end = nextarg + strlen(nextarg);
ANALYSIS SUMMARY:
Hits = 1996
Lines analyzed = 114175 in approximately 3.34 seconds (34212 lines/second)
Physical Source Lines of Code (SLOC) = 68865
Hits@level = [0] 1678 [1] 391 [2] 1226 [3] 8 [4] 369 [5] 2
Hits@level+ = [0+] 3674 [1+] 1996 [2+] 1605 [3+] 379 [4+] 371 [5+] 2
Hits/KSLOC@level+ = [0+] 53.3508 [1+] 28.9842 [2+] 23.3065 [3+] 5.50352 [4+] 5.38735 [5+] 0.0290423
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.