Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/mrbayes-3.2.7a/src/bayes.c
Examining data/mrbayes-3.2.7a/src/bayes.h
Examining data/mrbayes-3.2.7a/src/best.c
Examining data/mrbayes-3.2.7a/src/best.h
Examining data/mrbayes-3.2.7a/src/command.c
Examining data/mrbayes-3.2.7a/src/command.h
Examining data/mrbayes-3.2.7a/src/likelihood.c
Examining data/mrbayes-3.2.7a/src/likelihood.h
Examining data/mrbayes-3.2.7a/src/mbbeagle.c
Examining data/mrbayes-3.2.7a/src/mbbeagle.h
Examining data/mrbayes-3.2.7a/src/mcmc.c
Examining data/mrbayes-3.2.7a/src/mcmc.h
Examining data/mrbayes-3.2.7a/src/model.c
Examining data/mrbayes-3.2.7a/src/model.h
Examining data/mrbayes-3.2.7a/src/proposal.c
Examining data/mrbayes-3.2.7a/src/proposal.h
Examining data/mrbayes-3.2.7a/src/sumpt.c
Examining data/mrbayes-3.2.7a/src/sumpt.h
Examining data/mrbayes-3.2.7a/src/utils.c
Examining data/mrbayes-3.2.7a/src/utils.h

FINAL RESULTS:

data/mrbayes-3.2.7a/src/bayes.c:359:17: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (cmdStr, "Execute %s", argv[nProcessedArgs]);
data/mrbayes-3.2.7a/src/bayes.c:566:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (manFileName, "commref_mb%sp.txt", VERSION_NUMBER); /* name of command reference file */
data/mrbayes-3.2.7a/src/bayes.c:568:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (manFileName, "commref_mb%s.txt", VERSION_NUMBER); /* name of command reference file */
data/mrbayes-3.2.7a/src/command.c:479:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy ((*list)[len], token);
data/mrbayes-3.2.7a/src/command.c:834:33: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(temp, taxaNames[taxonCount]);
data/mrbayes-3.2.7a/src/command.c:1228:13: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (nodeName, tkn);
data/mrbayes-3.2.7a/src/command.c:1237:13: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (nodeName, tkn);
data/mrbayes-3.2.7a/src/command.c:1299:17: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(calibrationPtr->name, defaultCalibration.name);
data/mrbayes-3.2.7a/src/command.c:1305:17: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (calName, tempStr);
data/mrbayes-3.2.7a/src/command.c:1503:9: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (calName, s);
data/mrbayes-3.2.7a/src/command.c:1520:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(calibrationPtr->name, calName);
data/mrbayes-3.2.7a/src/command.c:1682:13: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (tempSetName, tkn);
data/mrbayes-3.2.7a/src/command.c:2524:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(nodeCalibration[numDefinedConstraints].name, defaultCalibration.name);
data/mrbayes-3.2.7a/src/command.c:2601:13: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (tempSetName, tkn);
data/mrbayes-3.2.7a/src/command.c:3570:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(oldToken, token);
data/mrbayes-3.2.7a/src/command.c:3772:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(token, oldToken);
data/mrbayes-3.2.7a/src/command.c:3824:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(token, oldToken);
data/mrbayes-3.2.7a/src/command.c:3839:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (inputFileName, tkn);
data/mrbayes-3.2.7a/src/command.c:4958:17: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (logFileName, tkn);
data/mrbayes-3.2.7a/src/command.c:5007:5: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (title, VERSION_NUMBER);
data/mrbayes-3.2.7a/src/command.c:5110:17: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (manFileName, tkn);
data/mrbayes-3.2.7a/src/command.c:5210:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (sumtParams.sumtFileName, inputFileName);
data/mrbayes-3.2.7a/src/command.c:5211:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (sumtParams.sumtOutfile, inputFileName);
data/mrbayes-3.2.7a/src/command.c:5212:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (sumpParams.sumpFileName, inputFileName);
data/mrbayes-3.2.7a/src/command.c:5213:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (sumpParams.sumpOutfile, inputFileName);
data/mrbayes-3.2.7a/src/command.c:5214:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (comptreeParams.comptOutfile, inputFileName);
data/mrbayes-3.2.7a/src/command.c:5218:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (comptreeParams.comptFileName1, "%s.t", inputFileName);
data/mrbayes-3.2.7a/src/command.c:5219:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (comptreeParams.comptFileName2, "%s.t", inputFileName);
data/mrbayes-3.2.7a/src/command.c:5223:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (comptreeParams.comptFileName1, "%s.run1.t", inputFileName);
data/mrbayes-3.2.7a/src/command.c:5224:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (comptreeParams.comptFileName2, "%s.run2.t", inputFileName);
data/mrbayes-3.2.7a/src/command.c:5228:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (plotParams.plotFileName, "%s.p", inputFileName);
data/mrbayes-3.2.7a/src/command.c:5230:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (plotParams.plotFileName, "%s.run1.p", inputFileName);
data/mrbayes-3.2.7a/src/command.c:5232:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (chainParams.chainFileName, inputFileName);
data/mrbayes-3.2.7a/src/command.c:5822:13: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (tempSetName, tkn);
data/mrbayes-3.2.7a/src/command.c:6595:17: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (workingDir, tkn);
data/mrbayes-3.2.7a/src/command.c:7112:13: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (tempStr, taxaNames[i]);
data/mrbayes-3.2.7a/src/command.c:7441:13: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (tempSetName, tkn);
data/mrbayes-3.2.7a/src/command.c:7740:13: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (tempSetName, tkn);
data/mrbayes-3.2.7a/src/command.c:7910:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (tempName, taxaNames[i]);
data/mrbayes-3.2.7a/src/command.c:7928:13: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (tempName, constraintNames[j]);
data/mrbayes-3.2.7a/src/command.c:7966:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (tempName, taxaNames[i]);
data/mrbayes-3.2.7a/src/command.c:8044:13: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (token, transFrom[i]);
data/mrbayes-3.2.7a/src/command.c:8414:17: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (tempName, transFrom[index]);
data/mrbayes-3.2.7a/src/command.c:8431:17: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (pp->label, tempName);
data/mrbayes-3.2.7a/src/command.c:8453:17: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (pp->label, tkn);
data/mrbayes-3.2.7a/src/command.c:8739:17: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (tempName, transFrom[index]);
data/mrbayes-3.2.7a/src/command.c:8756:17: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (pp->label, tempName);
data/mrbayes-3.2.7a/src/command.c:8803:17: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (pp->label, taxaNames[index]);
data/mrbayes-3.2.7a/src/command.c:8828:21: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(t->eSetName[t->nESets-1],tempNameString);
data/mrbayes-3.2.7a/src/command.c:8833:21: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(t->bSetName[t->nBSets-1],tempNameString);
data/mrbayes-3.2.7a/src/command.c:8838:21: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(t->popSizeSetName,tempNameString);
data/mrbayes-3.2.7a/src/command.c:9039:13: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (dupstring, command);
data/mrbayes-3.2.7a/src/command.c:13543:21: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (validArg, tempStr);
data/mrbayes-3.2.7a/src/mcmc.c:432:5: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(printString, tempStr);
data/mrbayes-3.2.7a/src/mcmc.c:2465:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(inputFileName, chainParams.chainFileName);
data/mrbayes-3.2.7a/src/mcmc.c:3557:17: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  sscanf (tkn, "%s", tempStr);
data/mrbayes-3.2.7a/src/mcmc.c:3565:17: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (chainParams.chainFileName, tempStr);
data/mrbayes-3.2.7a/src/mcmc.c:3733:25: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(chainParams.startTree, tempStr);
data/mrbayes-3.2.7a/src/mcmc.c:3783:21: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(chainParams.startParams, tempStr);
data/mrbayes-3.2.7a/src/mcmc.c:10487:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (localFileName, chainParams.chainFileName);
data/mrbayes-3.2.7a/src/mcmc.c:10495:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (fileName, "%s.mcmc", localFileName);
data/mrbayes-3.2.7a/src/mcmc.c:10505:17: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf.
  sprintf (fileName, "%s.p", localFileName);
data/mrbayes-3.2.7a/src/mcmc.c:10507:17: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (fileName, "%s.run%d.p", localFileName, n+1);
data/mrbayes-3.2.7a/src/mcmc.c:10517:21: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (fileName, "%s.t", localFileName);
data/mrbayes-3.2.7a/src/mcmc.c:10519:21: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (fileName, "%s.tree%d.t", localFileName, i+1);
data/mrbayes-3.2.7a/src/mcmc.c:10521:21: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (fileName, "%s.run%d.t", localFileName, n+1);
data/mrbayes-3.2.7a/src/mcmc.c:10523:21: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (fileName, "%s.tree%d.run%d.t", localFileName, i+1, n+1);
data/mrbayes-3.2.7a/src/mcmc.c:10555:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (fileName, "%s.mcmc", chainParams.chainFileName);
data/mrbayes-3.2.7a/src/mcmc.c:10568:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (fileName, "%s.p", localFileName);
data/mrbayes-3.2.7a/src/mcmc.c:10570:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (fileName, "%s.run%d.p", localFileName, n+1);
data/mrbayes-3.2.7a/src/mcmc.c:10581:17: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (fileName, "%s.t", localFileName);
data/mrbayes-3.2.7a/src/mcmc.c:10583:17: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (fileName, "%s.tree%d.t", localFileName, i+1);
data/mrbayes-3.2.7a/src/mcmc.c:10585:17: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (fileName, "%s.run%d.t", localFileName, n+1);
data/mrbayes-3.2.7a/src/mcmc.c:10587:17: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (fileName, "%s.tree%d.run%d.t", localFileName, i+1, n+1);
data/mrbayes-3.2.7a/src/mcmc.c:10600:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (fileName, "%s.ss", chainParams.chainFileName);
data/mrbayes-3.2.7a/src/mcmc.c:10610:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (fileName, "%s%s.ckp", workingDir, chainParams.chainFileName);
data/mrbayes-3.2.7a/src/mcmc.c:10611:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (bkupName, fileName);
data/mrbayes-3.2.7a/src/mcmc.c:10622:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (fileName, "%s.dump", localFileName);
data/mrbayes-3.2.7a/src/mcmc.c:10624:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (fileName, "%s.run%d.dump", localFileName, n+1);
data/mrbayes-3.2.7a/src/mcmc.c:11237:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(ckpFileName, "%s.ckp", chainParams.chainFileName);
data/mrbayes-3.2.7a/src/mcmc.c:11238:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (bkupFileName, ckpFileName);
data/mrbayes-3.2.7a/src/mcmc.c:11240:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (oldBkupFileName, bkupFileName);
data/mrbayes-3.2.7a/src/mcmc.c:14965:21: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(tree->name, GetTreeFromIndex(j, i, 0)->name);
data/mrbayes-3.2.7a/src/mcmc.c:14967:21: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(tree->name, GetTreeFromIndex(j, i, 0)->name);
data/mrbayes-3.2.7a/src/mcmc.c:15445:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (localFileName, chainParams.chainFileName);
data/mrbayes-3.2.7a/src/mcmc.c:15451:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (fileName, "%s.p", localFileName);
data/mrbayes-3.2.7a/src/mcmc.c:15453:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (fileName, "%s.run%d.p", localFileName, n+1);
data/mrbayes-3.2.7a/src/mcmc.c:15461:17: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (fileName, "%s.t", localFileName);
data/mrbayes-3.2.7a/src/mcmc.c:15463:17: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (fileName, "%s.tree%d.t", localFileName, i+1);
data/mrbayes-3.2.7a/src/mcmc.c:15465:17: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (fileName, "%s.run%d.t", localFileName, n+1);
data/mrbayes-3.2.7a/src/mcmc.c:15467:17: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (fileName, "%s.tree%d.run%d.t", localFileName, i+1, n+1);
data/mrbayes-3.2.7a/src/mcmc.c:15477:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (fileName, "%s.mcmc", localFileName);
data/mrbayes-3.2.7a/src/mcmc.c:15487:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (fileName, "%s.dump", localFileName);
data/mrbayes-3.2.7a/src/mcmc.c:15489:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (fileName, "%s.run%d.dump", localFileName, n+1);
data/mrbayes-3.2.7a/src/mcmc.c:15918:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (localFileName, chainParams.chainFileName);
data/mrbayes-3.2.7a/src/mcmc.c:15924:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (fileName, "%s%s.p", workingDir, localFileName);
data/mrbayes-3.2.7a/src/mcmc.c:15926:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (fileName, "%s%s.run%d.p", workingDir, localFileName, n+1);
data/mrbayes-3.2.7a/src/mcmc.c:15927:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(bkupName,fileName);
data/mrbayes-3.2.7a/src/mcmc.c:15944:17: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (fileName, "%s%s.t", workingDir, localFileName);
data/mrbayes-3.2.7a/src/mcmc.c:15946:17: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (fileName, "%s%s.tree%d.t", workingDir, localFileName, i+1);
data/mrbayes-3.2.7a/src/mcmc.c:15948:17: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (fileName, "%s%s.run%d.t", workingDir, localFileName, n+1);
data/mrbayes-3.2.7a/src/mcmc.c:15950:17: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (fileName, "%s%s.tree%d.run%d.t", workingDir, localFileName, i+1, n+1);
data/mrbayes-3.2.7a/src/mcmc.c:15951:13: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(bkupName,fileName);
data/mrbayes-3.2.7a/src/mcmc.c:15969:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (fileName, "%s%s.ss", workingDir, chainParams.chainFileName);
data/mrbayes-3.2.7a/src/mcmc.c:15970:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(bkupName,fileName);
data/mrbayes-3.2.7a/src/mcmc.c:15987:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (fileName, "%s%s.mcmc", workingDir, chainParams.chainFileName);
data/mrbayes-3.2.7a/src/mcmc.c:15988:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(bkupName,fileName);
data/mrbayes-3.2.7a/src/mcmc.c:16008:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (fileName, "%s.dump", localFileName);
data/mrbayes-3.2.7a/src/mcmc.c:16010:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (fileName, "%s.run%d.dump", localFileName, n+1);
data/mrbayes-3.2.7a/src/mcmc.c:17361:21: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (ckpFileName, "%s%s.ckp", workingDir, chainParams.chainFileName);
data/mrbayes-3.2.7a/src/mcmc.c:17362:21: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (bkupFileName,"%s.ss%d", ckpFileName,chainParams.numStepsSS-stepIndexSS);
data/mrbayes-3.2.7a/src/mcmc.c:17368:21: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (bkupFileName, ckpFileName);
data/mrbayes-3.2.7a/src/mcmc.c:17730:18: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  retval = vsnprintf (*target, *targetLen, fmt, argp);
data/mrbayes-3.2.7a/src/mcmc.c:17921:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (sumtParams.sumtFileName, chainParams.chainFileName);
data/mrbayes-3.2.7a/src/mcmc.c:17922:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (sumtParams.sumtOutfile, chainParams.chainFileName);
data/mrbayes-3.2.7a/src/mcmc.c:17923:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (sumpParams.sumpFileName, chainParams.chainFileName);
data/mrbayes-3.2.7a/src/mcmc.c:17924:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (sumpParams.sumpOutfile, chainParams.chainFileName);
data/mrbayes-3.2.7a/src/mcmc.c:17927:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (comptreeParams.comptFileName1, "%s.t", chainParams.chainFileName);
data/mrbayes-3.2.7a/src/mcmc.c:17928:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (comptreeParams.comptFileName2, "%s.t", chainParams.chainFileName);
data/mrbayes-3.2.7a/src/mcmc.c:17929:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (plotParams.plotFileName, "%s.p", chainParams.chainFileName);
data/mrbayes-3.2.7a/src/mcmc.c:17934:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf.
  sprintf (comptreeParams.comptFileName1, "%s.run1.t", chainParams.chainFileName);
data/mrbayes-3.2.7a/src/mcmc.c:17935:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (comptreeParams.comptFileName2, "%s.run2.t", chainParams.chainFileName);
data/mrbayes-3.2.7a/src/mcmc.c:17936:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (plotParams.plotFileName, "%s.run1.p", chainParams.chainFileName);
data/mrbayes-3.2.7a/src/model.c:568:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (temp->name, "%s(%s%s)", moveType->shortName, moveType->paramName, partitionDescriptor);
data/mrbayes-3.2.7a/src/model.c:571:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (temp->name, "%s(%s", moveType->shortName, param->name);
data/mrbayes-3.2.7a/src/model.c:577:17: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(temp->name,param->subParams[i]->name);
data/mrbayes-3.2.7a/src/model.c:3118:29: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(modelParams[i].nucModel, tempStr);
data/mrbayes-3.2.7a/src/model.c:3165:33: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(modelParams[i].nst, tempStr);
data/mrbayes-3.2.7a/src/model.c:3557:29: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(modelParams[i].omegaVar, tempStr);
data/mrbayes-3.2.7a/src/model.c:3589:29: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(modelParams[i].geneticCode, tempStr);
data/mrbayes-3.2.7a/src/model.c:3623:29: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(modelParams[i].ploidy, tempStr);
data/mrbayes-3.2.7a/src/model.c:3665:33: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(modelParams[i].ratesModel, tempStr);
data/mrbayes-3.2.7a/src/model.c:3698:29: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(modelParams[i].covarionModel, tempStr);
data/mrbayes-3.2.7a/src/model.c:3880:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (temp, headerNames[n]);
data/mrbayes-3.2.7a/src/model.c:3968:17: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (plotParams.plotFileName, tkn);
data/mrbayes-3.2.7a/src/model.c:4057:17: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (plotParams.parameter, tkn);
data/mrbayes-3.2.7a/src/model.c:4071:21: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (plotParams.match, tempStr);
data/mrbayes-3.2.7a/src/model.c:4572:29: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(modelParams[i].tRatioPr, tempStr);
data/mrbayes-3.2.7a/src/model.c:4679:29: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(modelParams[i].revMatPr, tempStr);
data/mrbayes-3.2.7a/src/model.c:4712:25: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (tempStr,modelParams[i].revMatPr);
data/mrbayes-3.2.7a/src/model.c:4815:29: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(modelParams[i].aaRevMatPr, tempStr);
data/mrbayes-3.2.7a/src/model.c:4847:25: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (tempStr,modelParams[i].aaRevMatPr);
data/mrbayes-3.2.7a/src/model.c:5084:29: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(modelParams[i].omegaPr, tempStr);
data/mrbayes-3.2.7a/src/model.c:5191:29: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(modelParams[i].ny98omega1pr, tempStr);
data/mrbayes-3.2.7a/src/model.c:5281:29: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(modelParams[i].ny98omega3pr, tempStr);
data/mrbayes-3.2.7a/src/model.c:5381:29: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(modelParams[i].m3omegapr, tempStr);
data/mrbayes-3.2.7a/src/model.c:5478:29: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(modelParams[i].codonCatFreqPr, tempStr);
data/mrbayes-3.2.7a/src/model.c:5575:29: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(modelParams[i].shapePr, tempStr);
data/mrbayes-3.2.7a/src/model.c:5695:29: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(modelParams[i].pInvarPr, tempStr);
data/mrbayes-3.2.7a/src/model.c:5795:29: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(modelParams[i].adGammaCorPr, tempStr);
data/mrbayes-3.2.7a/src/model.c:5911:29: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(modelParams[i].brownCorPr, tempStr);
data/mrbayes-3.2.7a/src/model.c:6029:33: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(modelParams[i].ratePr, tempStr);
data/mrbayes-3.2.7a/src/model.c:6158:33: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(modelParams[i].generatePr, tempStr);
data/mrbayes-3.2.7a/src/model.c:6285:29: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(modelParams[i].covSwitchPr, tempStr);
data/mrbayes-3.2.7a/src/model.c:6396:33: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(modelParams[i].symPiPr, tempStr);
data/mrbayes-3.2.7a/src/model.c:6534:33: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(modelParams[i].stateFreqPr, tempStr);
data/mrbayes-3.2.7a/src/model.c:6735:33: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(modelParams[i].topologyPr, tempStr);
data/mrbayes-3.2.7a/src/model.c:6750:41: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(modelParams[i].brlensPr, defaultModel.brlensPr);
data/mrbayes-3.2.7a/src/model.c:6966:29: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(modelParams[i].nodeAgePr, tempStr);
data/mrbayes-3.2.7a/src/model.c:7002:29: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(modelParams[i].clockVarPr, tempStr);
data/mrbayes-3.2.7a/src/model.c:7037:25: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (colonPr, tempStr);
data/mrbayes-3.2.7a/src/model.c:7041:33: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(modelParams[i].brlensPr, tempStr);
data/mrbayes-3.2.7a/src/model.c:7398:29: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(modelParams[i].speciationPr, tempStr);
data/mrbayes-3.2.7a/src/model.c:7496:29: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(modelParams[i].extinctionPr, tempStr);
data/mrbayes-3.2.7a/src/model.c:7579:29: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(modelParams[i].fossilizationPr, tempStr);
data/mrbayes-3.2.7a/src/model.c:7666:29: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(modelParams[i].sampleStrat, tempStr);
data/mrbayes-3.2.7a/src/model.c:7901:29: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(modelParams[i].treeAgePr.name, tempStr);
data/mrbayes-3.2.7a/src/model.c:7987:25: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(modelParams[i].treeAgePr.name, tempStr);
data/mrbayes-3.2.7a/src/model.c:8118:29: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(modelParams[i].clockRatePr, tempStr);
data/mrbayes-3.2.7a/src/model.c:8276:29: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(modelParams[i].popSizePr, tempStr);
data/mrbayes-3.2.7a/src/model.c:8445:29: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(modelParams[i].popVarPr, tempStr);
data/mrbayes-3.2.7a/src/model.c:8477:29: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(modelParams[i].cppRatePr, tempStr);
data/mrbayes-3.2.7a/src/model.c:8552:29: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(modelParams[i].cppMultDevPr, tempStr);
data/mrbayes-3.2.7a/src/model.c:8617:29: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(modelParams[i].tk02varPr, tempStr);
data/mrbayes-3.2.7a/src/model.c:8712:29: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(modelParams[i].igrvarPr, tempStr);
data/mrbayes-3.2.7a/src/model.c:8807:29: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(modelParams[i].mixedvarPr, tempStr);
data/mrbayes-3.2.7a/src/model.c:8906:29: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(modelParams[i].growthPr, tempStr);
data/mrbayes-3.2.7a/src/model.c:9037:33: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(modelParams[i].aaModelPr, tempStr);
data/mrbayes-3.2.7a/src/model.c:9108:37: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(modelParams[i].aaModel, tempStr);
data/mrbayes-3.2.7a/src/model.c:9273:29: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(modelParams[i].brownScalesPr, tempStr);
data/mrbayes-3.2.7a/src/model.c:9388:29: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(modelParams[i].m10betapr, tempStr);
data/mrbayes-3.2.7a/src/model.c:9493:29: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(modelParams[i].m10gammapr, tempStr);
data/mrbayes-3.2.7a/src/model.c:9766:29: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(modelParams[i].tratioFormat, tempStr);
data/mrbayes-3.2.7a/src/model.c:9801:29: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(modelParams[i].revmatFormat, tempStr);
data/mrbayes-3.2.7a/src/model.c:9836:29: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(modelParams[i].ratemultFormat, tempStr);
data/mrbayes-3.2.7a/src/model.c:9867:25: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(modelParams[i].treeFormat, tempStr);
data/mrbayes-3.2.7a/src/model.c:9898:29: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(modelParams[i].inferAncStates,tempStr);
data/mrbayes-3.2.7a/src/model.c:9940:29: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (modelParams[i].inferSiteRates, tempStr);
data/mrbayes-3.2.7a/src/model.c:9982:29: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (modelParams[i].inferPosSel, tempStr);
data/mrbayes-3.2.7a/src/model.c:10024:29: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (modelParams[i].inferSiteOmegas, tempStr);
data/mrbayes-3.2.7a/src/model.c:12856:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (localName, treeName);
data/mrbayes-3.2.7a/src/model.c:12863:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (temp, userTree[i]->name);
data/mrbayes-3.2.7a/src/model.c:12876:13: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (temp, userTree[i]->name);
data/mrbayes-3.2.7a/src/model.c:15411:17: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (tempName, localTaxonNames[i]);
data/mrbayes-3.2.7a/src/model.c:18795:25: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (temp, "pi(%s)", tempCodon);
data/mrbayes-3.2.7a/src/model.c:18801:29: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (temp, "\tpi(%s)", tempCodon);
data/mrbayes-3.2.7a/src/model.c:20441:21: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (modelParams[j].ratemultFormat, modelParams[i].ratemultFormat);
data/mrbayes-3.2.7a/src/sumpt.c:235:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (temp, "%s.p", sumpParams.sumpFileName);
data/mrbayes-3.2.7a/src/sumpt.c:237:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (temp, "%s.run%d.p", sumpParams.sumpFileName, i+1);
data/mrbayes-3.2.7a/src/sumpt.c:276:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (temp, "%s.p", sumpParams.sumpFileName);
data/mrbayes-3.2.7a/src/sumpt.c:278:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (temp, "%s.run%d.p", sumpParams.sumpFileName, i+1);
data/mrbayes-3.2.7a/src/sumpt.c:581:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (temp, "%s.p", sumpParams.sumpFileName);
data/mrbayes-3.2.7a/src/sumpt.c:583:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (temp, "%s.run%d.p", sumpParams.sumpFileName, i+1);
data/mrbayes-3.2.7a/src/sumpt.c:622:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (temp, "%s.p", sumpParams.sumpFileName);
data/mrbayes-3.2.7a/src/sumpt.c:624:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (temp, "%s.run%d.p", sumpParams.sumpFileName, i+1);
data/mrbayes-3.2.7a/src/sumpt.c:1108:17: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  sscanf (tkn, "%s", tempStr);
data/mrbayes-3.2.7a/src/sumpt.c:1109:17: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (sumpParams.sumpFileName, tempStr);
data/mrbayes-3.2.7a/src/sumpt.c:1110:17: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (sumpParams.sumpOutfile, tempStr);
data/mrbayes-3.2.7a/src/sumpt.c:1133:17: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  sscanf (tkn, "%s", tempStr);
data/mrbayes-3.2.7a/src/sumpt.c:1134:17: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (sumpParams.sumpOutfile, tempStr);
data/mrbayes-3.2.7a/src/sumpt.c:1359:17: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  sscanf (tkn, "%s", tempStr);
data/mrbayes-3.2.7a/src/sumpt.c:1360:17: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (sumpParams.sumpFileName, tempStr);
data/mrbayes-3.2.7a/src/sumpt.c:1361:17: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (sumpParams.sumpOutfile, tempStr);
data/mrbayes-3.2.7a/src/sumpt.c:1778:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(headerLine, s);
data/mrbayes-3.2.7a/src/sumpt.c:1984:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (temp, headerNames[i]);
data/mrbayes-3.2.7a/src/sumpt.c:2046:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (temp, headerNames[i]);
data/mrbayes-3.2.7a/src/sumpt.c:2252:17: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (temp, "%s[%s]", headerNames[i], modelElementNames[j][elem[j1].index]);
data/mrbayes-3.2.7a/src/sumpt.c:2258:17: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (temp, "%s[%s]", headerNames[i], modelElementNames[j][elem[j1].index]);
data/mrbayes-3.2.7a/src/sumpt.c:3239:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(t->nodes[i].label, sumtParams.taxaNames[i]);
data/mrbayes-3.2.7a/src/sumpt.c:3799:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(sumtParams.curFileName, comptreeParams.comptFileName1);
data/mrbayes-3.2.7a/src/sumpt.c:3858:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (sumtParams.curFileName, comptreeParams.comptFileName2);
data/mrbayes-3.2.7a/src/sumpt.c:4427:17: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (comptreeParams.comptFileName1, tkn);
data/mrbayes-3.2.7a/src/sumpt.c:4444:17: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (comptreeParams.comptFileName2, tkn);
data/mrbayes-3.2.7a/src/sumpt.c:4461:17: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (comptreeParams.comptOutfile, tkn);
data/mrbayes-3.2.7a/src/sumpt.c:4610:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (inRefName, "%s.t", comptreeParams.comptFileName2);
data/mrbayes-3.2.7a/src/sumpt.c:4612:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (inRefName, "%s.run%d.t", comptreeParams.comptFileName2, n+1);
data/mrbayes-3.2.7a/src/sumpt.c:4684:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (outName, comptreeParams.comptOutfile);
data/mrbayes-3.2.7a/src/sumpt.c:4697:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(inName, comptreeParams.comptFileName1);
data/mrbayes-3.2.7a/src/sumpt.c:4929:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (fileName,"%s.tree%d", sumtParams.sumtFileName, treeNo+1);
data/mrbayes-3.2.7a/src/sumpt.c:4931:13: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (fileName, sumtParams.sumtFileName);
data/mrbayes-3.2.7a/src/sumpt.c:4956:17: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tempName, "%s.t", fileName);
data/mrbayes-3.2.7a/src/sumpt.c:4958:17: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tempName, "%s.run%d.t", fileName, sumtParams.runId+1);
data/mrbayes-3.2.7a/src/sumpt.c:4959:13: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(sumtParams.curFileName, tempName);
data/mrbayes-3.2.7a/src/sumpt.c:5056:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (tempName, "%s.ratemult", chainParams.chainFileName);
data/mrbayes-3.2.7a/src/sumpt.c:5581:13: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (divString, treeName+4);
data/mrbayes-3.2.7a/src/sumpt.c:5600:17: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (divString, treeName+4);
data/mrbayes-3.2.7a/src/sumpt.c:5619:17: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (divString, treeName+4);
data/mrbayes-3.2.7a/src/sumpt.c:5725:13: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( divString, treeName+4);
data/mrbayes-3.2.7a/src/sumpt.c:5871:17: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (sumtParams.sumtFileName, tkn);
data/mrbayes-3.2.7a/src/sumpt.c:5872:17: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(sumtParams.sumtOutfile, tkn);
data/mrbayes-3.2.7a/src/sumpt.c:6008:21: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (sumtParams.sumtConType, tempStr);
data/mrbayes-3.2.7a/src/sumpt.c:6211:17: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  sscanf (tkn, "%s", tempStr);
data/mrbayes-3.2.7a/src/sumpt.c:6212:17: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (sumtParams.sumtOutfile, tempStr);
data/mrbayes-3.2.7a/src/sumpt.c:6529:17: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(sumtParams.popSizeSetName, t->popSizeSetName);
data/mrbayes-3.2.7a/src/sumpt.c:6703:21: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (treeName, sumtToken);
data/mrbayes-3.2.7a/src/sumpt.c:6708:25: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (treeName, sumtToken);
data/mrbayes-3.2.7a/src/sumpt.c:7012:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (pFilename, comptreeParams.comptOutfile);
data/mrbayes-3.2.7a/src/sumpt.c:7013:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (dFilename, comptreeParams.comptOutfile);
data/mrbayes-3.2.7a/src/sumpt.c:7097:17: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (pFilename, "%s.tree%d.parts", sumtParams.sumtOutfile, i+1);
data/mrbayes-3.2.7a/src/sumpt.c:7098:17: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (sFilename, "%s.tree%d.tstat", sumtParams.sumtOutfile, i+1);
data/mrbayes-3.2.7a/src/sumpt.c:7099:17: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (vFilename, "%s.tree%d.vstat", sumtParams.sumtOutfile, i+1);
data/mrbayes-3.2.7a/src/sumpt.c:7100:17: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (cFilename, "%s.tree%d.con.tre", sumtParams.sumtOutfile, i+1);
data/mrbayes-3.2.7a/src/sumpt.c:7101:17: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf (tFilename, "%s.tree%d.trprobs", sumtParams.sumtOutfile, i+1); data/mrbayes-3.2.7a/src/sumpt.c:7105:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (pFilename, "%s.parts", sumtParams.sumtOutfile); data/mrbayes-3.2.7a/src/sumpt.c:7106:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (sFilename, "%s.tstat", sumtParams.sumtOutfile); data/mrbayes-3.2.7a/src/sumpt.c:7107:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (vFilename, "%s.vstat", sumtParams.sumtOutfile); data/mrbayes-3.2.7a/src/sumpt.c:7108:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (cFilename, "%s.con.tre", sumtParams.sumtOutfile); data/mrbayes-3.2.7a/src/sumpt.c:7109:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tFilename, "%s.trprobs", sumtParams.sumtOutfile); data/mrbayes-3.2.7a/src/sumpt.c:7161:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (pFilename, "%s.tree%d.parts", sumtParams.sumtOutfile, treeNo+1); data/mrbayes-3.2.7a/src/sumpt.c:7162:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (sFilename, "%s.tree%d.tstat", sumtParams.sumtOutfile, treeNo+1); data/mrbayes-3.2.7a/src/sumpt.c:7163:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (vFilename, "%s.tree%d.vstat", sumtParams.sumtOutfile, treeNo+1); data/mrbayes-3.2.7a/src/sumpt.c:7164:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf (cFilename, "%s.tree%d.con.tre", sumtParams.sumtOutfile, treeNo+1); data/mrbayes-3.2.7a/src/sumpt.c:7165:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tFilename, "%s.tree%d.trprobs", sumtParams.sumtOutfile, treeNo+1); data/mrbayes-3.2.7a/src/sumpt.c:7169:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (pFilename, "%s.parts", sumtParams.sumtOutfile); data/mrbayes-3.2.7a/src/sumpt.c:7170:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (sFilename, "%s.tstat", sumtParams.sumtOutfile); data/mrbayes-3.2.7a/src/sumpt.c:7171:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (vFilename, "%s.vstat", sumtParams.sumtOutfile); data/mrbayes-3.2.7a/src/sumpt.c:7172:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (cFilename, "%s.con.tre", sumtParams.sumtOutfile); data/mrbayes-3.2.7a/src/sumpt.c:7173:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tFilename, "%s.trprobs", sumtParams.sumtOutfile); data/mrbayes-3.2.7a/src/sumpt.c:7259:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (filename, "%s.tree%d.brparams", sumtParams.sumtOutfile, treeNo+1); data/mrbayes-3.2.7a/src/sumpt.c:7261:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (filename, "%s.brparams", sumtParams.sumtOutfile); data/mrbayes-3.2.7a/src/sumpt.c:7670:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy (tempStr, taxaNames[i]); data/mrbayes-3.2.7a/src/sumpt.c:7710:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (tempStr, taxaNames[i]); data/mrbayes-3.2.7a/src/sumpt.c:7909:21: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (printLine+to+2,"%s", label); data/mrbayes-3.2.7a/src/sumpt.c:8173:21: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (printLine+treeWidth+1,"%s", label); data/mrbayes-3.2.7a/src/utils.c:1152:13: [4] (format) vprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vprintf (format, ptr); data/mrbayes-3.2.7a/src/utils.c:1163:17: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vfprintf (logFileFp, format, ptr); data/mrbayes-3.2.7a/src/utils.c:1175:13: [4] (format) vprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vprintf (format, ptr); data/mrbayes-3.2.7a/src/utils.c:1189:17: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vfprintf (logFileFp, format, ptr); data/mrbayes-3.2.7a/src/utils.c:1207:9: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vfprintf (f, format, ptr); data/mrbayes-3.2.7a/src/utils.c:1213:5: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. 
vfprintf (f, format, ptr); data/mrbayes-3.2.7a/src/utils.c:1289:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(fileName, workingDir); data/mrbayes-3.2.7a/src/utils.c:1307:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(fileName, workingDir); data/mrbayes-3.2.7a/src/utils.c:1325:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(fileName, workingDir); data/mrbayes-3.2.7a/src/utils.c:1342:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(fileName, workingDir); data/mrbayes-3.2.7a/src/utils.c:1360:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(fileName, workingDir); data/mrbayes-3.2.7a/src/utils.c:1606:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (*target, source); data/mrbayes-3.2.7a/src/utils.c:1623:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (*target, source); data/mrbayes-3.2.7a/src/utils.c:1747:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(fileName, workingDir); data/mrbayes-3.2.7a/src/utils.c:2373:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (pp->label, localTaxonNames[pp->index]); data/mrbayes-3.2.7a/src/utils.c:2922:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (p->label, q->label); data/mrbayes-3.2.7a/src/utils.c:3065:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (to->name, from->name); data/mrbayes-3.2.7a/src/utils.c:3087:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (to->bSetName[i], from->bSetName[i]); data/mrbayes-3.2.7a/src/utils.c:3095:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (to->eSetName[i], from->eSetName[i]); data/mrbayes-3.2.7a/src/utils.c:3121:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (to->popSizeSetName, from->popSizeSetName); data/mrbayes-3.2.7a/src/utils.c:3418:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy (to->name, from->name); data/mrbayes-3.2.7a/src/utils.c:5694:21: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(qa->label, q->label); data/mrbayes-3.2.7a/src/utils.c:7435:21: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (labelLine, p->label); data/mrbayes-3.2.7a/src/utils.c:7536:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (labelLine, t->root->label); data/mrbayes-3.2.7a/src/bayes.c:236:18: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((ch = getopt(argc, argv, "hiIv")) != -1) { data/mrbayes-3.2.7a/src/bayes.c:99:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char workingDir[100]; /* working directory */ data/mrbayes-3.2.7a/src/bayes.c:123:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char poltmp[256]; data/mrbayes-3.2.7a/src/bayes.c:145:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(poltmp, "\nlastError = %d", lastError); data/mrbayes-3.2.7a/src/bayes.c:218:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cmdStr[CMD_STRING_LENGTH]; data/mrbayes-3.2.7a/src/bayes.c:387:21: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (cmdStr,"quit;\n"); data/mrbayes-3.2.7a/src/bayes.c:416:17: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (cmdStr,"quit;\n"); data/mrbayes-3.2.7a/src/bayes.c:574:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(logFileName, "log.out"); /* name of the log file */ data/mrbayes-3.2.7a/src/bayes.c:665:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(defaultModel.codingString, "All"); /* ascertainment bias string */ data/mrbayes-3.2.7a/src/bayes.c:666:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy(defaultModel.nucModel, "4by4"); /* nucleotide model */ data/mrbayes-3.2.7a/src/bayes.c:668:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(defaultModel.aaModelPr, "Fixed"); /* amino acid model prior */ data/mrbayes-3.2.7a/src/bayes.c:671:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(defaultModel.aaModel, "Poisson"); /* amino acid model */ data/mrbayes-3.2.7a/src/bayes.c:672:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(defaultModel.parsModel, "No"); /* do not use parsimony model */ data/mrbayes-3.2.7a/src/bayes.c:673:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(defaultModel.geneticCode, "Universal"); /* genetic code */ data/mrbayes-3.2.7a/src/bayes.c:674:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(defaultModel.ploidy, "Diploid"); /* ploidy level */ data/mrbayes-3.2.7a/src/bayes.c:675:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(defaultModel.omegaVar, "Equal"); /* omega variation */ data/mrbayes-3.2.7a/src/bayes.c:676:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(defaultModel.ratesModel, "Equal"); /* rates across sites model */ data/mrbayes-3.2.7a/src/bayes.c:680:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(defaultModel.useGibbs,"No"); /* do not use Gibbs sampling of rate cats by default */ data/mrbayes-3.2.7a/src/bayes.c:683:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(defaultModel.covarionModel, "No"); /* use covarion model? (yes/no) */ data/mrbayes-3.2.7a/src/bayes.c:684:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(defaultModel.augmentData, "No"); /* should data be augmented */ data/mrbayes-3.2.7a/src/bayes.c:685:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy(defaultModel.tRatioPr, "Beta"); /* prior for ti/tv rate ratio */ data/mrbayes-3.2.7a/src/bayes.c:689:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(defaultModel.revMatPr, "Dirichlet"); /* prior for GTR model (nucleotides) */ data/mrbayes-3.2.7a/src/bayes.c:696:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (defaultModel.aaRevMatPr, "Dirichlet"); /* prior for GTR model (proteins) */ data/mrbayes-3.2.7a/src/bayes.c:702:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(defaultModel.omegaPr, "Dirichlet"); /* prior for omega */ data/mrbayes-3.2.7a/src/bayes.c:706:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(defaultModel.ny98omega1pr, "Beta"); /* prior for class 1 omega (Ny98 model) */ data/mrbayes-3.2.7a/src/bayes.c:710:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy(defaultModel.ny98omega3pr, "Exponential"); /* prior for class 3 omega (Ny98 model) */ data/mrbayes-3.2.7a/src/bayes.c:715:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(defaultModel.m3omegapr, "Exponential"); /* prior for all three omegas (M3 model) */ data/mrbayes-3.2.7a/src/bayes.c:719:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(defaultModel.m10betapr, "Uniform"); /* prior for omega variation (M10 model) */ data/mrbayes-3.2.7a/src/bayes.c:720:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(defaultModel.m10gammapr, "Uniform"); data/mrbayes-3.2.7a/src/bayes.c:733:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(defaultModel.codonCatFreqPr, "Dirichlet"); /* prior for selection cat frequencies */ data/mrbayes-3.2.7a/src/bayes.c:740:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy(defaultModel.stateFreqPr, "Dirichlet"); /* prior for character state frequencies */ data/mrbayes-3.2.7a/src/bayes.c:741:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(defaultModel.stateFreqsFixType, "Equal"); data/mrbayes-3.2.7a/src/bayes.c:748:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(defaultModel.shapePr, "Exponential"); /* prior for gamma/lnorm shape parameter */ data/mrbayes-3.2.7a/src/bayes.c:753:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(defaultModel.pInvarPr, "Uniform"); /* prior for proportion of invariable sites */ data/mrbayes-3.2.7a/src/bayes.c:757:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(defaultModel.adGammaCorPr, "Uniform"); /* prior for correlation param of adGamma model */ data/mrbayes-3.2.7a/src/bayes.c:761:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy(defaultModel.covSwitchPr, "Uniform"); /* prior for switching rates of covarion model */ data/mrbayes-3.2.7a/src/bayes.c:767:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(defaultModel.symPiPr, "Fixed"); /* prior for pi when unidentifiable states used */ data/mrbayes-3.2.7a/src/bayes.c:772:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(defaultModel.brownCorPr, "Fixed"); /* prior on correlation of brownian model */ data/mrbayes-3.2.7a/src/bayes.c:776:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(defaultModel.brownScalesPr, "Gammamean"); /* prior on scales of brownian model */ data/mrbayes-3.2.7a/src/bayes.c:783:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(defaultModel.topologyPr, "Uniform"); /* prior for tree topology */ data/mrbayes-3.2.7a/src/bayes.c:786:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy(defaultModel.brlensPr, "Unconstrained"); /* prior on branch lengths */ data/mrbayes-3.2.7a/src/bayes.c:800:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(defaultModel.unconstrainedPr, "GammaDir"); /* prior on branches if unconstrained */ data/mrbayes-3.2.7a/src/bayes.c:801:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(defaultModel.clockPr, "Uniform"); /* prior on branch lengths if clock enforced */ data/mrbayes-3.2.7a/src/bayes.c:803:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(defaultModel.treeAgePr.name, "Gamma(1.00,1.00)"); data/mrbayes-3.2.7a/src/bayes.c:811:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(defaultModel.clockRatePr, "Fixed"); /* prior on base subst. rate for clock trees */ data/mrbayes-3.2.7a/src/bayes.c:820:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy(defaultModel.speciationPr, "Exponential"); /* prior on speciation rate (net diversification) */ data/mrbayes-3.2.7a/src/bayes.c:825:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(defaultModel.extinctionPr, "Beta"); /* prior on extinction rate (turnover) */ data/mrbayes-3.2.7a/src/bayes.c:829:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(defaultModel.fossilizationPr, "Beta"); /* prior on fossilization rate (sampling proportion) */ data/mrbayes-3.2.7a/src/bayes.c:833:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(defaultModel.sampleStrat, "Random"); /* taxon sampling strategy */ data/mrbayes-3.2.7a/src/bayes.c:839:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(defaultModel.popSizePr, "Gamma"); /* prior on coalescence population size */ data/mrbayes-3.2.7a/src/bayes.c:849:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(defaultModel.popVarPr, "Equal"); /* prior on pop. 
size variation across tree */ data/mrbayes-3.2.7a/src/bayes.c:850:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(defaultModel.growthPr, "Fixed"); /* prior on coalescence growth rate prior */ data/mrbayes-3.2.7a/src/bayes.c:857:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(defaultModel.nodeAgePr, "Unconstrained"); /* prior on node depths */ data/mrbayes-3.2.7a/src/bayes.c:858:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(defaultModel.clockVarPr, "Strict"); /* prior on clock rate variation */ data/mrbayes-3.2.7a/src/bayes.c:859:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(defaultModel.cppRatePr, "Exponential") ; /* prior on rate of CPP for relaxed clock */ data/mrbayes-3.2.7a/src/bayes.c:862:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(defaultModel.cppMultDevPr, "Fixed"); /* prior on standard dev. 
of lognormal of rate multipliers of CPP rel clock */ data/mrbayes-3.2.7a/src/bayes.c:864:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(defaultModel.tk02varPr, "Exponential"); /* prior on nu parameter for BM rel clock */ data/mrbayes-3.2.7a/src/bayes.c:869:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(defaultModel.igrvarPr, "Exponential"); /* prior on variance increase parameter for IGR rel clock */ data/mrbayes-3.2.7a/src/bayes.c:874:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(defaultModel.mixedvarPr, "Exponential"); /* prior on var parameter for mixed rel clock */ data/mrbayes-3.2.7a/src/bayes.c:879:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(defaultModel.ratePr, "Fixed"); /* prior on rate for a partition */ data/mrbayes-3.2.7a/src/bayes.c:881:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy(defaultModel.generatePr, "Fixed"); /* prior on rate for a gene (multispecies coalescent) */ data/mrbayes-3.2.7a/src/bayes.c:887:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(defaultModel.tratioFormat, "Ratio"); /* default format for tratio */ data/mrbayes-3.2.7a/src/bayes.c:888:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(defaultModel.revmatFormat, "Dirichlet"); /* default format for revmat */ data/mrbayes-3.2.7a/src/bayes.c:889:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(defaultModel.ratemultFormat, "Scaled"); /* default format for ratemult */ data/mrbayes-3.2.7a/src/bayes.c:890:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(defaultModel.treeFormat, "Brlens"); /* default format for trees */ data/mrbayes-3.2.7a/src/bayes.c:891:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy(defaultModel.inferAncStates, "No"); /* do not infer ancestral states */ data/mrbayes-3.2.7a/src/bayes.c:892:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(defaultModel.inferPosSel, "No"); /* do not infer positive selection */ data/mrbayes-3.2.7a/src/bayes.c:893:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(defaultModel.inferSiteOmegas, "No"); /* do not infer site omega vals */ data/mrbayes-3.2.7a/src/bayes.c:894:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(defaultModel.inferSiteRates, "No"); /* do not infer site rates */ data/mrbayes-3.2.7a/src/bayes.c:1005:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(chainParams.chainFileName, "temp"); /* chain file name for output */ data/mrbayes-3.2.7a/src/bayes.c:1008:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy(chainParams.startTree, "Current"); /* starting tree for chain (random/current) */ data/mrbayes-3.2.7a/src/bayes.c:1009:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(chainParams.startParams, "Current"); /* starting params for chain (reset/current) */ data/mrbayes-3.2.7a/src/bayes.c:1038:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(sumtParams.sumtFileName, "temp"); /* input name for sumt command */ data/mrbayes-3.2.7a/src/bayes.c:1039:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(sumtParams.sumtConType, "Halfcompat"); /* type of consensus tree output */ data/mrbayes-3.2.7a/src/bayes.c:1050:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sumtParams.sumtOutfile, "temp"); /* output name for sumt command */ data/mrbayes-3.2.7a/src/bayes.c:1056:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy(sumpParams.sumpFileName, "temp"); /* input name for sump command */ data/mrbayes-3.2.7a/src/bayes.c:1057:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sumpParams.sumpOutfile, "temp"); /* output name for sump command */ data/mrbayes-3.2.7a/src/bayes.c:1071:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(comptreeParams.comptFileName1, "temp.t"); /* input name for comparetree command */ data/mrbayes-3.2.7a/src/bayes.c:1072:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(comptreeParams.comptFileName2, "temp.t"); /* input name for comparetree command */ data/mrbayes-3.2.7a/src/bayes.c:1073:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(comptreeParams.comptOutfile, "temp.comp");/* output name for comparetree command */ data/mrbayes-3.2.7a/src/bayes.c:1077:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy(plotParams.plotFileName, "temp.p"); /* input name for plot command */ data/mrbayes-3.2.7a/src/bayes.c:1078:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(plotParams.parameter, "lnL"); /* plotted parameter plot command */ data/mrbayes-3.2.7a/src/bayes.c:1079:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(plotParams.match, "Perfect"); /* matching for plot command */ data/mrbayes-3.2.7a/src/bayes.h:538:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[100]; data/mrbayes-3.2.7a/src/bayes.h:595:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[100]; /*!< name of tree */ data/mrbayes-3.2.7a/src/bayes.h:625:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char label[100]; /*!< name of node if terminal */ data/mrbayes-3.2.7a/src/bayes.h:646:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[100]; /*!< name of tree */ data/mrbayes-3.2.7a/src/bayes.h:898:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *tuningName[5]; /* name of tuning params */ data/mrbayes-3.2.7a/src/bayes.h:899:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *shortTuningName[5];/* short name of tuning params */ data/mrbayes-3.2.7a/src/bayes.h:979:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char nucModel[100]; /* nucleotide model used */ data/mrbayes-3.2.7a/src/bayes.h:980:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char nst[100]; /* number of substitution types */ data/mrbayes-3.2.7a/src/bayes.h:981:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char parsModel[100]; /* use the (so-called) parsimony model */ data/mrbayes-3.2.7a/src/bayes.h:982:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char geneticCode[100]; /* genetic code used */ data/mrbayes-3.2.7a/src/bayes.h:984:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char codingString[100]; /* string describing type of patterns encoded */ data/mrbayes-3.2.7a/src/bayes.h:985:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ploidy[100]; /* ploidy level */ data/mrbayes-3.2.7a/src/bayes.h:986:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char omegaVar[100]; /* type of omega variation model */ data/mrbayes-3.2.7a/src/bayes.h:987:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char ratesModel[100]; /* rates across sites model */ data/mrbayes-3.2.7a/src/bayes.h:991:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char useGibbs[100]; /* flags whether Gibbs sampling of discrete gamma is used */ data/mrbayes-3.2.7a/src/bayes.h:997:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char covarionModel[100];/* use covarion model? (yes/no) */ data/mrbayes-3.2.7a/src/bayes.h:998:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char augmentData[100]; /* should data be augmented */ data/mrbayes-3.2.7a/src/bayes.h:1000:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tRatioPr[100]; /* prior for ti/tv rate ratio */ data/mrbayes-3.2.7a/src/bayes.h:1003:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char revMatPr[100]; /* prior for GTR model */ data/mrbayes-3.2.7a/src/bayes.h:1007:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char aaModelPr[100]; /* prior for amino acid model */ data/mrbayes-3.2.7a/src/bayes.h:1008:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char aaModel[100]; data/mrbayes-3.2.7a/src/bayes.h:1010:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char aaRevMatPr[100]; /* prior for aa GTR model */ data/mrbayes-3.2.7a/src/bayes.h:1013:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char omegaPr[100]; /* prior for omega */ data/mrbayes-3.2.7a/src/bayes.h:1016:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ny98omega1pr[100]; /* prior for class 1 omega (Ny98 model) */ data/mrbayes-3.2.7a/src/bayes.h:1019:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ny98omega3pr[100]; /* prior for class 3 omega (Ny98 model) */ data/mrbayes-3.2.7a/src/bayes.h:1023:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char m3omegapr[100]; /* prior for all three omegas (M3 model) */ data/mrbayes-3.2.7a/src/bayes.h:1025:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char m10betapr[100]; /* prior for omega variation (M10 model) */ data/mrbayes-3.2.7a/src/bayes.h:1026:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char m10gammapr[100]; data/mrbayes-3.2.7a/src/bayes.h:1033:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char codonCatFreqPr[100]; /* prior for selection cat frequencies */ data/mrbayes-3.2.7a/src/bayes.h:1036:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char stateFreqPr[100]; /* prior for character state frequencies */ data/mrbayes-3.2.7a/src/bayes.h:1039:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char stateFreqsFixType[100]; data/mrbayes-3.2.7a/src/bayes.h:1041:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char shapePr[100]; /* prior for gamma/lnorm shape parameter */ data/mrbayes-3.2.7a/src/bayes.h:1045:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pInvarPr[100]; /* prior for proportion of invariable sites */ data/mrbayes-3.2.7a/src/bayes.h:1048:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char adGammaCorPr[100]; /* prior for correlation param of adGamma model */ data/mrbayes-3.2.7a/src/bayes.h:1051:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char covSwitchPr[100]; /* prior for switching rates of covarion model */ data/mrbayes-3.2.7a/src/bayes.h:1055:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char symPiPr[100]; /* prior for pi when unidentifiable states used */ data/mrbayes-3.2.7a/src/bayes.h:1059:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ratePr[100]; /* prior on rate for a partition */ data/mrbayes-3.2.7a/src/bayes.h:1061:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char generatePr[100]; /* prior on rate for a gene (one or more partitions) */ data/mrbayes-3.2.7a/src/bayes.h:1063:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char brownCorPr[100]; /* prior for correlation of Brownian model */ data/mrbayes-3.2.7a/src/bayes.h:1066:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char brownScalesPr[100]; /* prior for scales of Brownian model */ data/mrbayes-3.2.7a/src/bayes.h:1072:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char topologyPr[100]; /* prior for tree topology */ data/mrbayes-3.2.7a/src/bayes.h:1077:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char brlensPr[100]; /* prior on branch lengths */ data/mrbayes-3.2.7a/src/bayes.h:1084:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char speciesTreeBrlensPr[100]; /* prior on branch lengths of species tree */ data/mrbayes-3.2.7a/src/bayes.h:1085:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char unconstrainedPr[100]; /* prior on branch lengths if unconstrained */ data/mrbayes-3.2.7a/src/bayes.h:1086:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char clockPr[100]; /* prior on branch if clock enforced */ data/mrbayes-3.2.7a/src/bayes.h:1087:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char clockVarPr[100]; /* prior on clock rate variation (strict, cpp, tk02, igr, ...) */ data/mrbayes-3.2.7a/src/bayes.h:1088:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char nodeAgePr[100]; /* prior on node depths (unconstrained, constraints) */ data/mrbayes-3.2.7a/src/bayes.h:1089:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char speciationPr[100]; /* prior on speciation rate (net diversification) */ data/mrbayes-3.2.7a/src/bayes.h:1093:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char extinctionPr[100]; /* prior on relative extinction rate (turnover) */ data/mrbayes-3.2.7a/src/bayes.h:1096:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char fossilizationPr[100]; /* prior on fossilization rate (sampling proportion) */ data/mrbayes-3.2.7a/src/bayes.h:1099:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sampleStrat[100]; /* taxon sampling strategy (for b-d process) */ data/mrbayes-3.2.7a/src/bayes.h:1109:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char clockRatePr[100]; /* prior on base substitution rate of tree for clock trees */ data/mrbayes-3.2.7a/src/bayes.h:1115:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char popSizePr[100]; /* prior on population size */ data/mrbayes-3.2.7a/src/bayes.h:1121:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char popVarPr[100]; /* prior on pop. size variation across tree */ data/mrbayes-3.2.7a/src/bayes.h:1122:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char growthPr[100]; /* prior on coalescence growth rate */ data/mrbayes-3.2.7a/src/bayes.h:1127:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cppRatePr[100]; /* prior on CPP rate */ data/mrbayes-3.2.7a/src/bayes.h:1130:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cppMultDevPr[100]; /* prior on CPP rate multiplier Lognormal variance */ data/mrbayes-3.2.7a/src/bayes.h:1132:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tk02varPr[100]; /* prior on TK02 lognormal rate variance */ data/mrbayes-3.2.7a/src/bayes.h:1136:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char igrvarPr[100]; /* prior on IGR gamma distribution variance */ data/mrbayes-3.2.7a/src/bayes.h:1140:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char mixedvarPr[100]; /* prior on mixed relaxed clock rate variance */ data/mrbayes-3.2.7a/src/bayes.h:1145:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tratioFormat[30]; /* format used to report tratio */ data/mrbayes-3.2.7a/src/bayes.h:1146:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char revmatFormat[30]; /* format used to report revmat */ data/mrbayes-3.2.7a/src/bayes.h:1147:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ratemultFormat[30]; /* format used to report ratemult */ data/mrbayes-3.2.7a/src/bayes.h:1148:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char treeFormat[30]; /* format used to report trees/topologies */ data/mrbayes-3.2.7a/src/bayes.h:1149:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char inferAncStates[5]; /* should ancestral states be inferred (Yes/No)? 
*/ data/mrbayes-3.2.7a/src/bayes.h:1150:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char inferSiteOmegas[5]; /* should site omega vals be inferred (Yes/No)? */ data/mrbayes-3.2.7a/src/bayes.h:1151:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char inferSiteRates[5]; /* should site rates be inferred (Yes/No)? */ data/mrbayes-3.2.7a/src/bayes.h:1152:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char inferPosSel[5]; /* should site selection be inferred (Yes/No)? */ data/mrbayes-3.2.7a/src/bayes.h:1172:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char chainFileName[100]; /* chain file name for output */ data/mrbayes-3.2.7a/src/bayes.h:1175:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char startTree[100]; /* starting tree for chain (current/random) */ data/mrbayes-3.2.7a/src/bayes.h:1176:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char startParams[100]; /* starting values for chain (current/reset) */ data/mrbayes-3.2.7a/src/bayes.h:1415:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sumtFileName[100]; /* name of input file */ data/mrbayes-3.2.7a/src/bayes.h:1416:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sumtOutfile[120]; /* name of output file */ data/mrbayes-3.2.7a/src/bayes.h:1417:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char curFileName[120]; /* name of file being processed */ data/mrbayes-3.2.7a/src/bayes.h:1419:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char sumtConType[100]; /* consensus tree type */ data/mrbayes-3.2.7a/src/bayes.h:1463:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char comptFileName1[120]; /* name of first input file */ data/mrbayes-3.2.7a/src/bayes.h:1464:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char comptFileName2[120]; /* name of second input file */ data/mrbayes-3.2.7a/src/bayes.h:1465:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char comptOutfile[120]; /* name of output file */ data/mrbayes-3.2.7a/src/bayes.h:1472:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sumpFileName[100]; /* name of input file */ data/mrbayes-3.2.7a/src/bayes.h:1473:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char sumpOutfile[120]; /* name of output file */ data/mrbayes-3.2.7a/src/bayes.h:1496:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char plotFileName[120]; /* name of input file */ data/mrbayes-3.2.7a/src/bayes.h:1497:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char parameter[100]; /* parameter(s) to be plotted */ data/mrbayes-3.2.7a/src/bayes.h:1498:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char match[100]; /* whether the match needs to be perfect */ data/mrbayes-3.2.7a/src/bayes.h:1618:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char inputFileName[100]; /* input (NEXUS) file name */ data/mrbayes-3.2.7a/src/bayes.h:1632:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
extern char logFileName[100]; /* name of the log file */ data/mrbayes-3.2.7a/src/bayes.h:1634:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char manFileName[100]; /* name of man file */ data/mrbayes-3.2.7a/src/bayes.h:1703:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char spacer[10]; /* holds blanks for printing indentations */ data/mrbayes-3.2.7a/src/bayes.h:1708:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char stamp[11]; /* holds a unique identifier for each analysis */ data/mrbayes-3.2.7a/src/bayes.h:1737:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char workingDir[100]; /* working directory */ data/mrbayes-3.2.7a/src/command.c:148:30: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
void PrintYesNo (int yn, char s[4]); data/mrbayes-3.2.7a/src/command.c:189:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char logFileName[100]; /* name of the log file */ data/mrbayes-3.2.7a/src/command.c:193:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char manFileName[100]; /* name of the file for the command help info */ data/mrbayes-3.2.7a/src/command.c:222:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char spacer[10]; /* holds blanks for printing indentations */ data/mrbayes-3.2.7a/src/command.c:260:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *tokenP, token[CMD_STRING_LENGTH], *cmdStr=NULL; data/mrbayes-3.2.7a/src/command.c:367:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char gapId, missingId, matchId, tempSetName[100], **tempNames; data/mrbayes-3.2.7a/src/command.c:800:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[100]; data/mrbayes-3.2.7a/src/command.c:1019:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (spacer, " "); data/mrbayes-3.2.7a/src/command.c:1031:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (spacer, " "); data/mrbayes-3.2.7a/src/command.c:1043:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (spacer, " "); data/mrbayes-3.2.7a/src/command.c:1051:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (spacer, " "); data/mrbayes-3.2.7a/src/command.c:1059:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy (spacer, " "); data/mrbayes-3.2.7a/src/command.c:1197:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char nodeName[100], calName[100]; data/mrbayes-3.2.7a/src/command.c:1201:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[20], tempStr[100]; data/mrbayes-3.2.7a/src/command.c:1502:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (s, "%1.2lf", tempD); data/mrbayes-3.2.7a/src/command.c:1831:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tempName[100]; data/mrbayes-3.2.7a/src/command.c:3548:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s, exeFileName[100]; data/mrbayes-3.2.7a/src/command.c:3551:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char *oldTokenP, oldToken[CMD_STRING_LENGTH]; data/mrbayes-3.2.7a/src/command.c:3748:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (spacer, " "); data/mrbayes-3.2.7a/src/command.c:3765:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (spacer, " "); data/mrbayes-3.2.7a/src/command.c:3811:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (spacer, " "); data/mrbayes-3.2.7a/src/command.c:4068:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tempStr[100]; data/mrbayes-3.2.7a/src/command.c:4978:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char title[100]; data/mrbayes-3.2.7a/src/command.c:5006:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (title, "Command Reference for MrBayes ver. 
"); data/mrbayes-3.2.7a/src/command.c:6213:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tempStr[100]; data/mrbayes-3.2.7a/src/command.c:7080:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tempStr[100], stride; data/mrbayes-3.2.7a/src/command.c:7898:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tempName[100]; data/mrbayes-3.2.7a/src/command.c:8153:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tempName[100]; data/mrbayes-3.2.7a/src/command.c:9600:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tempString[100]; data/mrbayes-3.2.7a/src/command.c:13521:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char tempStr[100]; data/mrbayes-3.2.7a/src/command.c:13764:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errStr[100]; data/mrbayes-3.2.7a/src/command.c:13985:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char yesNoStr[20]; data/mrbayes-3.2.7a/src/command.c:14007:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (yesNoStr, "Avgstddev"); data/mrbayes-3.2.7a/src/command.c:14009:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (yesNoStr, "Maxstddev"); data/mrbayes-3.2.7a/src/command.c:14044:26: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void PrintYesNo (int yn, char s[4]) data/mrbayes-3.2.7a/src/command.c:14047:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy (s, "Yes"); data/mrbayes-3.2.7a/src/command.c:14049:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (s, "No"); data/mrbayes-3.2.7a/src/command.c:14865:9: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(st, " nothing"); data/mrbayes-3.2.7a/src/command.c:14870:13: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(st, " command"); data/mrbayes-3.2.7a/src/command.c:14876:17: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(st, " or"); data/mrbayes-3.2.7a/src/command.c:14877:13: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(st, " parameter"); data/mrbayes-3.2.7a/src/command.c:14883:17: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat(st, " or"); data/mrbayes-3.2.7a/src/command.c:14884:13: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(st, " ="); data/mrbayes-3.2.7a/src/command.c:14890:17: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(st, " or"); data/mrbayes-3.2.7a/src/command.c:14891:13: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(st, " :"); data/mrbayes-3.2.7a/src/command.c:14897:17: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(st, " or"); data/mrbayes-3.2.7a/src/command.c:14898:13: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(st, " ;"); data/mrbayes-3.2.7a/src/command.c:14904:17: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat(st, " or"); data/mrbayes-3.2.7a/src/command.c:14905:13: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(st, " ,"); data/mrbayes-3.2.7a/src/command.c:14911:17: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(st, " or"); data/mrbayes-3.2.7a/src/command.c:14912:13: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(st, " #"); data/mrbayes-3.2.7a/src/command.c:14918:17: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(st, " or"); data/mrbayes-3.2.7a/src/command.c:14919:13: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(st, " ?"); data/mrbayes-3.2.7a/src/command.c:14925:17: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat(st, " or"); data/mrbayes-3.2.7a/src/command.c:14926:13: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(st, " -"); data/mrbayes-3.2.7a/src/command.c:14932:17: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(st, " or"); data/mrbayes-3.2.7a/src/command.c:14933:13: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(st, " ("); data/mrbayes-3.2.7a/src/command.c:14939:17: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(st, " or"); data/mrbayes-3.2.7a/src/command.c:14940:13: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(st, " )"); data/mrbayes-3.2.7a/src/command.c:14946:17: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat(st, " or"); data/mrbayes-3.2.7a/src/command.c:14947:13: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(st, " ["); data/mrbayes-3.2.7a/src/command.c:14953:17: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(st, " or"); data/mrbayes-3.2.7a/src/command.c:14954:13: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(st, " ]"); data/mrbayes-3.2.7a/src/command.c:14960:17: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(st, " or"); data/mrbayes-3.2.7a/src/command.c:14961:13: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(st, " <name>"); data/mrbayes-3.2.7a/src/command.c:14967:17: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat(st, " or"); data/mrbayes-3.2.7a/src/command.c:14968:13: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(st, " <number>"); data/mrbayes-3.2.7a/src/command.c:14974:17: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(st, " or"); data/mrbayes-3.2.7a/src/command.c:14975:13: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(st, " return"); data/mrbayes-3.2.7a/src/command.c:14981:17: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(st, " or"); data/mrbayes-3.2.7a/src/command.c:14982:13: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(st, " *"); data/mrbayes-3.2.7a/src/command.c:14988:17: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat(st, " or"); data/mrbayes-3.2.7a/src/command.c:14989:13: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(st, " /"); data/mrbayes-3.2.7a/src/command.c:14995:17: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(st, " or"); data/mrbayes-3.2.7a/src/command.c:14996:13: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(st, " \\"); data/mrbayes-3.2.7a/src/command.c:15002:17: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(st, " or"); data/mrbayes-3.2.7a/src/command.c:15003:13: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(st, " !"); data/mrbayes-3.2.7a/src/command.c:15009:17: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat(st, " or"); data/mrbayes-3.2.7a/src/command.c:15010:13: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(st, " %"); data/mrbayes-3.2.7a/src/command.c:15016:17: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(st, " or"); data/mrbayes-3.2.7a/src/command.c:15017:13: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(st, " {"); data/mrbayes-3.2.7a/src/command.c:15023:17: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(st, " or"); data/mrbayes-3.2.7a/src/command.c:15024:13: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(st, " }"); data/mrbayes-3.2.7a/src/command.c:15030:17: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat(st, " or"); data/mrbayes-3.2.7a/src/command.c:15031:13: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(st, " <whatever>"); data/mrbayes-3.2.7a/src/command.c:15037:17: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(st, " or"); data/mrbayes-3.2.7a/src/command.c:15038:13: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(st, " |"); data/mrbayes-3.2.7a/src/command.c:15044:17: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(st, " or"); data/mrbayes-3.2.7a/src/command.c:15045:13: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(st, " no clue"); data/mrbayes-3.2.7a/src/mcmc.c:268:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char inputFileName[100]; /* input (NEXUS) file name */ data/mrbayes-3.2.7a/src/mcmc.c:274:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char stamp[11]; /* holds a unique identifier for each analysis */ data/mrbayes-3.2.7a/src/mcmc.c:2119:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ((void*) to, (void*) from, (size_t)(m->numChars) * sizeof(CLFlt)); data/mrbayes-3.2.7a/src/mcmc.c:2286:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[20]; data/mrbayes-3.2.7a/src/mcmc.c:2466:9: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(inputFileName, ".ckp"); data/mrbayes-3.2.7a/src/mcmc.c:2505:30: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). numPreviousGen = atoi(temp); data/mrbayes-3.2.7a/src/mcmc.c:2700:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tempStr[5]; data/mrbayes-3.2.7a/src/mcmc.c:4113:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[100]; data/mrbayes-3.2.7a/src/mcmc.c:10443:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char localFileName[100], fileName[220], bkupName[220]; data/mrbayes-3.2.7a/src/mcmc.c:11209:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bkupFileName[220], oldBkupFileName[220], ckpFileName[220], *tempString=NULL; data/mrbayes-3.2.7a/src/mcmc.c:15436:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fileName[120], localFileName[100]; data/mrbayes-3.2.7a/src/mcmc.c:15502:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char c, line[100]; data/mrbayes-3.2.7a/src/mcmc.c:15876:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char localFileName[100], fileName[220], bkupName[220]; data/mrbayes-3.2.7a/src/mcmc.c:16037:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ckpFileName[220], bkupFileName[220]; data/mrbayes-3.2.7a/src/mcmc.c:18826:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[100]; data/mrbayes-3.2.7a/src/mcmc.c:18833:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (spacer, " "); data/mrbayes-3.2.7a/src/mcmc.c:18838:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (s, "tRatio[%d]", i); data/mrbayes-3.2.7a/src/mcmc.c:18845:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (s, "revMat[%d]", i); data/mrbayes-3.2.7a/src/mcmc.c:18852:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
Risk is low because the source has a constant maximum length. sprintf (s, "stateFreq[%d]", i); data/mrbayes-3.2.7a/src/mcmc.c:18859:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (s, "omega[%d]", i); data/mrbayes-3.2.7a/src/mcmc.c:18866:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (s, "shape[%d]", i); data/mrbayes-3.2.7a/src/mcmc.c:18873:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (s, "pInvar[%d]", i); data/mrbayes-3.2.7a/src/mcmc.c:18880:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (s, "correlation[%d]", i); data/mrbayes-3.2.7a/src/mcmc.c:18887:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (s, "switchRates[%d]", i); data/mrbayes-3.2.7a/src/mcmc.c:18894:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (s, "rateMult[%d]", i); data/mrbayes-3.2.7a/src/mcmc.c:18901:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (s, "speciationRates[%d]", i); data/mrbayes-3.2.7a/src/mcmc.c:18908:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
Risk is low because the source has a constant maximum length. sprintf (s, "extinctionRates[%d]", i); data/mrbayes-3.2.7a/src/mcmc.c:18915:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (s, "fossilizationRates[%d]", i); data/mrbayes-3.2.7a/src/mcmc.c:18922:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (s, "popSize[%d]", i); data/mrbayes-3.2.7a/src/model.c:152:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char colonPr[100], clockPr[30]; data/mrbayes-3.2.7a/src/model.c:1267:37: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tree->name, "mcmc.tree%d_%d", p->treeIndex+1, run*to + m +1); data/mrbayes-3.2.7a/src/model.c:1269:37: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tree->name, "mcmc.tree_%d", run*to + m +1); data/mrbayes-3.2.7a/src/model.c:2263:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(string, "All"); data/mrbayes-3.2.7a/src/model.c:2265:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(string, "Informative"); data/mrbayes-3.2.7a/src/model.c:2270:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(string, "Variable"); data/mrbayes-3.2.7a/src/model.c:2274:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(string, "Variable|Nosingletonabsence"); data/mrbayes-3.2.7a/src/model.c:2278:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(string, "Variable|Nosingletonpresence"); data/mrbayes-3.2.7a/src/model.c:2285:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(string, "Nosingletons"); data/mrbayes-3.2.7a/src/model.c:2289:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(string, "Noabsencesites|Nosingletons"); data/mrbayes-3.2.7a/src/model.c:2293:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(string, "Nopresencesites|Nosingletons"); data/mrbayes-3.2.7a/src/model.c:2298:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(string, "Noabsencesites"); data/mrbayes-3.2.7a/src/model.c:2302:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(string, "Nopresencesites"); data/mrbayes-3.2.7a/src/model.c:2306:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(string, "Nosingletonabsence"); data/mrbayes-3.2.7a/src/model.c:2310:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(string, "Nosingletonpresence"); data/mrbayes-3.2.7a/src/model.c:2314:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(string, "Noabsencesites|Nosingletonabsence"); data/mrbayes-3.2.7a/src/model.c:2318:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(string, "Noabsencesites|Nosingletonpresence"); data/mrbayes-3.2.7a/src/model.c:2322:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(string, "Nopresencesites|Nosingletonabsence"); data/mrbayes-3.2.7a/src/model.c:2326:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(string, "Nopresencesites|Nosingletonpresence"); data/mrbayes-3.2.7a/src/model.c:3011:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tempStr[100]; data/mrbayes-3.2.7a/src/model.c:3122:29: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(modelParams[i].stateFreqPr, "Dirichlet"); data/mrbayes-3.2.7a/src/model.c:3123:29: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy(modelParams[i].stateFreqsFixType, "Equal"); data/mrbayes-3.2.7a/src/model.c:3308:33: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(modelParams[i].useGibbs, "Yes"); data/mrbayes-3.2.7a/src/model.c:3312:33: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(modelParams[i].useGibbs, "No"); data/mrbayes-3.2.7a/src/model.c:3486:33: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(modelParams[i].parsModel, "Yes"); data/mrbayes-3.2.7a/src/model.c:3488:33: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(modelParams[i].parsModel, "No"); data/mrbayes-3.2.7a/src/model.c:3522:33: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(modelParams[i].augmentData, "Yes"); data/mrbayes-3.2.7a/src/model.c:3524:33: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy(modelParams[i].augmentData, "No"); data/mrbayes-3.2.7a/src/model.c:3813:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[100], **headerNames = NULL; data/mrbayes-3.2.7a/src/model.c:3939:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tempStr[100]; data/mrbayes-3.2.7a/src/model.c:4460:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tempStr[100]; data/mrbayes-3.2.7a/src/model.c:6027:33: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(modelParams[i].ratePr, "Dirichlet"); data/mrbayes-3.2.7a/src/model.c:6034:37: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (tempStr," [Dirichlet(..,1,..)]"); data/mrbayes-3.2.7a/src/model.c:6040:37: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy (tempStr,"Variable"); data/mrbayes-3.2.7a/src/model.c:6156:33: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(modelParams[i].generatePr, "Dirichlet"); data/mrbayes-3.2.7a/src/model.c:6163:37: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (tempStr," [Dirichlet(..,1,..)]"); data/mrbayes-3.2.7a/src/model.c:6169:37: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (tempStr,"Variable"); data/mrbayes-3.2.7a/src/model.c:6560:33: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(modelParams[i].stateFreqsFixType, "Equal"); data/mrbayes-3.2.7a/src/model.c:6568:33: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(modelParams[i].stateFreqsFixType, "Empirical"); data/mrbayes-3.2.7a/src/model.c:6593:29: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy(modelParams[i].stateFreqsFixType, "User"); data/mrbayes-3.2.7a/src/model.c:6683:37: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(modelParams[i].stateFreqsFixType, "User"); data/mrbayes-3.2.7a/src/model.c:6748:41: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(modelParams[i].brlensPr, "Uniform"); data/mrbayes-3.2.7a/src/model.c:6994:25: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(tempStr, "TK02"); data/mrbayes-3.2.7a/src/model.c:6996:25: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(tempStr, "Igr"); data/mrbayes-3.2.7a/src/model.c:7077:37: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(modelParams[i].unconstrainedPr, "Uniform"); data/mrbayes-3.2.7a/src/model.c:7083:37: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy(modelParams[i].unconstrainedPr, "Exponential"); data/mrbayes-3.2.7a/src/model.c:7089:37: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(modelParams[i].unconstrainedPr, "GammaDir"); data/mrbayes-3.2.7a/src/model.c:7095:37: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(modelParams[i].unconstrainedPr, "invGamDir"); data/mrbayes-3.2.7a/src/model.c:7101:37: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(modelParams[i].unconstrainedPr, "twoExp"); data/mrbayes-3.2.7a/src/model.c:7116:29: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (clockPr, "Uniform"); data/mrbayes-3.2.7a/src/model.c:7120:37: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(modelParams[i].clockPr, "Uniform"); data/mrbayes-3.2.7a/src/model.c:7130:29: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy (clockPr, "Birthdeath"); data/mrbayes-3.2.7a/src/model.c:7134:37: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(modelParams[i].clockPr, "Birthdeath"); data/mrbayes-3.2.7a/src/model.c:7144:29: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (clockPr, "Coalescence"); data/mrbayes-3.2.7a/src/model.c:7148:37: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(modelParams[i].clockPr, "Coalescence"); data/mrbayes-3.2.7a/src/model.c:7158:29: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (clockPr, "Speciestreecoalescence"); data/mrbayes-3.2.7a/src/model.c:7162:37: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(modelParams[i].clockPr, "Speciestreecoalescence"); data/mrbayes-3.2.7a/src/model.c:7172:29: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy (clockPr, "Fossilization"); data/mrbayes-3.2.7a/src/model.c:7176:37: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(modelParams[i].clockPr, "Fossilization"); data/mrbayes-3.2.7a/src/model.c:7186:29: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (clockPr, "Fixed"); data/mrbayes-3.2.7a/src/model.c:7190:37: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(modelParams[i].clockPr, "Fixed"); data/mrbayes-3.2.7a/src/model.c:7940:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tempStr, "%1.2lf", tempD); data/mrbayes-3.2.7a/src/model.c:7986:25: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tempStr, "%1.2lf", tempD); data/mrbayes-3.2.7a/src/model.c:8009:29: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(modelParams[i].treeAgePr.name, "Gamma(1.00,1.00)"); data/mrbayes-3.2.7a/src/model.c:9069:29: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (tempStr, "Poisson");
data/mrbayes-3.2.7a/src/model.c:9071:29: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (tempStr, "Equalin");
data/mrbayes-3.2.7a/src/model.c:9073:29: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (tempStr, "Jones");
data/mrbayes-3.2.7a/src/model.c:9075:29: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (tempStr, "Dayhoff");
data/mrbayes-3.2.7a/src/model.c:9077:29: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (tempStr, "Mtrev");
data/mrbayes-3.2.7a/src/model.c:9079:29: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (tempStr, "Mtmam");
data/mrbayes-3.2.7a/src/model.c:9081:29: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (tempStr, "Wag");
data/mrbayes-3.2.7a/src/model.c:9083:29: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (tempStr, "Rtrev");
data/mrbayes-3.2.7a/src/model.c:9085:29: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (tempStr, "Cprev");
data/mrbayes-3.2.7a/src/model.c:9087:29: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (tempStr, "Vt");
data/mrbayes-3.2.7a/src/model.c:9089:29: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (tempStr, "Blosum");
data/mrbayes-3.2.7a/src/model.c:9091:29: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (tempStr, "Blosum");
data/mrbayes-3.2.7a/src/model.c:9093:29: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (tempStr, "LG");
data/mrbayes-3.2.7a/src/model.c:9095:29: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (tempStr, "Gtr");
data/mrbayes-3.2.7a/src/model.c:9595:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tempName[100];
data/mrbayes-3.2.7a/src/model.c:9657:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tempStr[100];
data/mrbayes-3.2.7a/src/model.c:10816:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tempStr[100];
data/mrbayes-3.2.7a/src/model.c:12846:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char localName[100], temp[100];
data/mrbayes-3.2.7a/src/model.c:12987:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tree->name, "mcmc.tree%d_%d",
data/mrbayes-3.2.7a/src/model.c:12990:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tree->name, "mcmc.tree_%d", i + 1);
data/mrbayes-3.2.7a/src/model.c:15379:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tempName[100];
data/mrbayes-3.2.7a/src/model.c:15571:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char piHeader[30];
data/mrbayes-3.2.7a/src/model.c:15901:33: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (piHeader, "\tpi_%d(%d)", origCharPos+1, ts);
data/mrbayes-3.2.7a/src/model.c:17713:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(modelParams[j].codingString, "Variable");
data/mrbayes-3.2.7a/src/model.c:17718:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(modelParams[j].codingString, "Noabsencesites");
data/mrbayes-3.2.7a/src/model.c:17723:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(modelParams[j].codingString, "All");
data/mrbayes-3.2.7a/src/model.c:18174:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tempCodon[15], tempMult[15], *tempStr,temp[30];
data/mrbayes-3.2.7a/src/model.c:18418:29: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (temp, "r(%c<->%c)", StateCode_AA(n1), StateCode_AA(n2));
data/mrbayes-3.2.7a/src/model.c:18424:29: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (temp, "\tr(%c<->%c)", StateCode_AA(n1), StateCode_AA(n2));
data/mrbayes-3.2.7a/src/model.c:18451:29: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (temp, "r(%c<->%c)", StateCode_NUC4(n1), StateCode_NUC4(n2));
data/mrbayes-3.2.7a/src/model.c:18457:29: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (temp, "\tr(%c<->%c)", StateCode_NUC4(n1), StateCode_NUC4(n2));
data/mrbayes-3.2.7a/src/model.c:18465:21: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120).
Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (temp, "\tgtrsubmodel");
data/mrbayes-3.2.7a/src/model.c:18468:21: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (temp, "\tk_revmat");
data/mrbayes-3.2.7a/src/model.c:18566:25: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (temp, "omega(%d)", i+1);
data/mrbayes-3.2.7a/src/model.c:18568:25: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (temp, "\tomega(%d)", i+1);
data/mrbayes-3.2.7a/src/model.c:18782:25: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (temp, "pi(%c)", StateCode_NUC4(0));
data/mrbayes-3.2.7a/src/model.c:18787:29: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (temp, "\tpi(%c)", StateCode_NUC4(n1));
data/mrbayes-3.2.7a/src/model.c:18811:33: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (tempCodon, "pi(A");
data/mrbayes-3.2.7a/src/model.c:18813:33: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (tempCodon, "pi(C");
data/mrbayes-3.2.7a/src/model.c:18815:33: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (tempCodon, "pi(G");
data/mrbayes-3.2.7a/src/model.c:18817:33: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (tempCodon, "pi(T");
data/mrbayes-3.2.7a/src/model.c:18827:33: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (tempCodon, "A)");
data/mrbayes-3.2.7a/src/model.c:18829:33: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (tempCodon, "C)");
data/mrbayes-3.2.7a/src/model.c:18831:33: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (tempCodon, "G)");
data/mrbayes-3.2.7a/src/model.c:18833:33: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (tempCodon, "T)");
data/mrbayes-3.2.7a/src/model.c:19068:21: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tempMult, "m{%d}", i+1);
data/mrbayes-3.2.7a/src/model.c:19111:21: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tempMult, "g_m{%d}", i+1);
data/mrbayes-3.2.7a/src/model.c:19392:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tempStr, "\tnet_speciation_%d", i+1);
data/mrbayes-3.2.7a/src/model.c:19432:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tempStr, "\trelative_extinction_%d", i+1);
data/mrbayes-3.2.7a/src/model.c:19469:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tempStr, "\trelative_fossilization_%d", i+1);
data/mrbayes-3.2.7a/src/sumpt.c:336:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (temp, ".lstat");
data/mrbayes-3.2.7a/src/sumpt.c:1079:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tempStr[100];
data/mrbayes-3.2.7a/src/sumpt.c:1330:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tempStr[100];
data/mrbayes-3.2.7a/src/sumpt.c:1629:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *sumpTokenP, sumpToken[CMD_STRING_LENGTH], *s=NULL, *headerLine, *t;
data/mrbayes-3.2.7a/src/sumpt.c:1976:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char temp[100];
data/mrbayes-3.2.7a/src/sumpt.c:1999:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (temp, ".pstat");
data/mrbayes-3.2.7a/src/sumpt.c:2104:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char temp[100];
data/mrbayes-3.2.7a/src/sumpt.c:2139:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (temp, ".mstat");
data/mrbayes-3.2.7a/src/sumpt.c:2304:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char plotSymbol[15][60];
data/mrbayes-3.2.7a/src/sumpt.c:2473:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tempf[100];
data/mrbayes-3.2.7a/src/sumpt.c:2496:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (tempf, ".pstat");
data/mrbayes-3.2.7a/src/sumpt.c:2781:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sumpToken[CMD_STRING_LENGTH], *s=NULL, *p;
data/mrbayes-3.2.7a/src/sumpt.c:3678:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(treeName[0],"tree"); //in case if parameter is not specified in a .t file
data/mrbayes-3.2.7a/src/sumpt.c:3679:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
Risk is low because the source is a constant string.
  strcpy(treeName[1],"tree");
data/mrbayes-3.2.7a/src/sumpt.c:4404:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tempStr[100];
data/mrbayes-3.2.7a/src/sumpt.c:4569:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char outName[130], inName[130], inRefName[130], treeName[100], *lineBuf=NULL, *s;
data/mrbayes-3.2.7a/src/sumpt.c:4685:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (outName, ".sdsf");
data/mrbayes-3.2.7a/src/sumpt.c:4736:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  gen = atoi(s+4); // 4 is offset to get rid of "rep." in tree name
data/mrbayes-3.2.7a/src/sumpt.c:4874:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(treeName,"tree"); //in case if parameter is not specified in a .t file
data/mrbayes-3.2.7a/src/sumpt.c:5835:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tempStr[100];
data/mrbayes-3.2.7a/src/sumpt.c:6637:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sumtToken[100], *s, *sumtTokenP;
data/mrbayes-3.2.7a/src/sumpt.c:7005:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pFilename[120], dFilename[120];
data/mrbayes-3.2.7a/src/sumpt.c:7014:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (pFilename, ".pairs");
data/mrbayes-3.2.7a/src/sumpt.c:7015:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (dFilename, ".dists");
data/mrbayes-3.2.7a/src/sumpt.c:7083:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pFilename[145], sFilename[145], vFilename[145], cFilename[145], tFilename[145];
data/mrbayes-3.2.7a/src/sumpt.c:7253:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[145];
data/mrbayes-3.2.7a/src/sumpt.c:7649:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tempStr[100];
data/mrbayes-3.2.7a/src/sumpt.c:7786:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *printLine, *markLine, temp[30], *label;
data/mrbayes-3.2.7a/src/sumpt.c:7972:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (temp, "%.2e", f);
data/mrbayes-3.2.7a/src/sumpt.c:7974:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (temp, "%.*lf", precision, f);
data/mrbayes-3.2.7a/src/sumpt.c:8022:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *printLine, *markLine, temp[20], *label;
data/mrbayes-3.2.7a/src/sumpt.c:8176:21: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (printLine+treeWidth+1,"(%d)", p->index);
data/mrbayes-3.2.7a/src/sumpt.c:8196:25: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (temp, "%d", (int) (p->support*100.0 + 0.5));
data/mrbayes-3.2.7a/src/sumpt.c:8224:29: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (temp, "%d", (int) (p->support*100.0 + 0.5));
data/mrbayes-3.2.7a/src/utils.c:314:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if (atoi(word)>lastGen)
data/mrbayes-3.2.7a/src/utils.c:353:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if (atoi(word)>lastStep)
data/mrbayes-3.2.7a/src/utils.c:357:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190).
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  curStep = atoi(word);
data/mrbayes-3.2.7a/src/utils.c:429:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if (atoi(word+4)>lastGen)
data/mrbayes-3.2.7a/src/utils.c:669:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy ((void *)(p), (void *)(vals[i]), (size_t)rowCount[i] * sizeof(MrBFlt));
data/mrbayes-3.2.7a/src/utils.c:1049:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char s[40];
data/mrbayes-3.2.7a/src/utils.c:1052:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (s,"%.*le", precision, num);
data/mrbayes-3.2.7a/src/utils.c:1054:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (s,"%.*lf", precision, num);
data/mrbayes-3.2.7a/src/utils.c:1287:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fileName[200];
data/mrbayes-3.2.7a/src/utils.c:1292:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fp = fopen (fileName, "rb")) == NULL)
data/mrbayes-3.2.7a/src/utils.c:1305:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fileName[200];
data/mrbayes-3.2.7a/src/utils.c:1310:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fp = fopen (fileName, "r")) == NULL)
data/mrbayes-3.2.7a/src/utils.c:1323:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fileName[200];
data/mrbayes-3.2.7a/src/utils.c:1328:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fp = fopen (fileName, "r")) == NULL)
data/mrbayes-3.2.7a/src/utils.c:1340:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fileName[200];
data/mrbayes-3.2.7a/src/utils.c:1345:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fp = fopen (fileName, "a+")) == NULL)
data/mrbayes-3.2.7a/src/utils.c:1358:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fileName[200];
data/mrbayes-3.2.7a/src/utils.c:1363:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fp = fopen (fileName, "w+")) == NULL)
data/mrbayes-3.2.7a/src/utils.c:1745:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fileName[100];
data/mrbayes-3.2.7a/src/utils.c:1750:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  return fopen (fileName, "r");
data/mrbayes-3.2.7a/src/utils.c:1797:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char s[100];
data/mrbayes-3.2.7a/src/utils.c:2927:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (p->partition,q->partition, nLongsNeeded*sizeof(BitsLong));
data/mrbayes-3.2.7a/src/utils.c:3465:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (p->partition, q->partition, nLongsNeeded*sizeof(BitsLong));
data/mrbayes-3.2.7a/src/utils.c:5561:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (t->position[i][a]+t->nEvents[i][a], t->position[i][b], t->nEvents[i][b]*sizeof(MrBFlt));
data/mrbayes-3.2.7a/src/utils.c:5562:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (t->rateMult[i][a]+t->nEvents[i][a], t->rateMult[i][b], t->nEvents[i][b]*sizeof(MrBFlt));
data/mrbayes-3.2.7a/src/utils.c:6433:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char temp[30];
data/mrbayes-3.2.7a/src/utils.c:6454:21: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  k = atoi (temp);
data/mrbayes-3.2.7a/src/utils.c:7388:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char treeLine[SCREENWIDTH2], labelLine[100];
data/mrbayes-3.2.7a/src/utils.c:11035:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  free((char *) (m[0]));
data/mrbayes-3.2.7a/src/utils.c:11049:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  free((char *) (m[0]));
data/mrbayes-3.2.7a/src/utils.c:11063:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  free((char *) (m[0]));
data/mrbayes-3.2.7a/src/bayes.c:400:21: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (cmdStr,cmdStrP,CMD_STRING_LENGTH - 2);
data/mrbayes-3.2.7a/src/bayes.c:592:5: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(workingDir,""); /* working directory */
data/mrbayes-3.2.7a/src/bayes.c:667:5: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(defaultModel.nst, "1"); /* number of substitution types */
data/mrbayes-3.2.7a/src/bayes.c:972:5: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy (spacer, ""); /* holds blanks for indentation */
data/mrbayes-3.2.7a/src/best.c:1460:5: [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  getchar();
data/mrbayes-3.2.7a/src/best.c:1666:5: [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  getchar();
data/mrbayes-3.2.7a/src/command.c:475:42: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (*list)[len] = (char *) SafeCalloc ((strlen(token)+1), sizeof(char));
data/mrbayes-3.2.7a/src/command.c:1067:13: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy (spacer, "");
data/mrbayes-3.2.7a/src/command.c:1319:9: [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat (calName, "(");
data/mrbayes-3.2.7a/src/command.c:1507:9: [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat (calName, ",");
data/mrbayes-3.2.7a/src/command.c:1513:9: [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat (calName, ")");
data/mrbayes-3.2.7a/src/command.c:1644:30: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (i=0; i<(int)strlen(tkn); i++)
data/mrbayes-3.2.7a/src/command.c:1659:17: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(tkn) > 99)
data/mrbayes-3.2.7a/src/command.c:1730:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(tkn) == 1 && tkn[0] == '.')
data/mrbayes-3.2.7a/src/command.c:2580:17: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(tkn) > 99)
data/mrbayes-3.2.7a/src/command.c:2756:17: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(tkn) == 1 && !strcmp(tkn, "."))
data/mrbayes-3.2.7a/src/command.c:3085:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(tkn) == 1 && tkn[0] == '.')
data/mrbayes-3.2.7a/src/command.c:3309:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(tkn) == 1 && !strcmp(tkn, "."))
data/mrbayes-3.2.7a/src/command.c:3540:5: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(spacer,""); /* reset indentation */
data/mrbayes-3.2.7a/src/command.c:3560:5: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (exeFileName, inputFileName, 98);
data/mrbayes-3.2.7a/src/command.c:3577:5: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy (spacer, "");
data/mrbayes-3.2.7a/src/command.c:3675:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(s) > 1)
data/mrbayes-3.2.7a/src/command.c:3751:9: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy (spacer, "");
data/mrbayes-3.2.7a/src/command.c:3768:13: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy (spacer, "");
data/mrbayes-3.2.7a/src/command.c:3786:36: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (size_t)(tokenP-s)-strlen(token)+1, (size_t)(tokenP-s), cmdLine);
data/mrbayes-3.2.7a/src/command.c:3815:13: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy (spacer, "");
data/mrbayes-3.2.7a/src/command.c:3832:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(tkn)>99)
data/mrbayes-3.2.7a/src/command.c:3836:59: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  MrBayesPrint ("%s has %d characters.\n", spacer,strlen(tkn));
data/mrbayes-3.2.7a/src/command.c:3958:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(tkn) == 1 && tkn[0] == '.')
data/mrbayes-3.2.7a/src/command.c:4186:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(tkn) == 1 && tkn[0] == '.')
data/mrbayes-3.2.7a/src/command.c:4423:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(tkn) == 1)
data/mrbayes-3.2.7a/src/command.c:4468:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(tkn) == 1)
data/mrbayes-3.2.7a/src/command.c:4513:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(tkn) == 1)
data/mrbayes-3.2.7a/src/command.c:4574:22: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((int)strlen(p->string) > longestDescription)
data/mrbayes-3.2.7a/src/command.c:4575:44: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  longestDescription = (int) strlen(p->string);
data/mrbayes-3.2.7a/src/command.c:4588:56: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (j=0; j<longestDescription - (int) strlen(p->string); j++)
data/mrbayes-3.2.7a/src/command.c:4603:56: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (j=0; j<longestDescription - (int) strlen(p->string); j++)
data/mrbayes-3.2.7a/src/command.c:4627:23: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tkLen = (int) strlen(tkn);
data/mrbayes-3.2.7a/src/command.c:4631:31: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  targetLen = (int) strlen(p->string);
data/mrbayes-3.2.7a/src/command.c:4786:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(tkn) == 1 && tkn[0] == '.')
data/mrbayes-3.2.7a/src/command.c:5009:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  i = (70 - (int) strlen (title)) / 2;
data/mrbayes-3.2.7a/src/command.c:5010:24: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  j = 70 - i - (int) strlen(title);
data/mrbayes-3.2.7a/src/command.c:5328:17: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(tkn)>99)
data/mrbayes-3.2.7a/src/command.c:5799:17: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(tkn) > 99)
data/mrbayes-3.2.7a/src/command.c:5882:17: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(tkn) == 1 && tkn[0] == '.')
data/mrbayes-3.2.7a/src/command.c:6128:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(tkn) == 1 && !strcmp(tkn, "."))
data/mrbayes-3.2.7a/src/command.c:6588:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(tkn)>99)
data/mrbayes-3.2.7a/src/command.c:6592:71: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  MrBayesPrint ("%s has %d characters.\n", spacer,strlen(tkn));
data/mrbayes-3.2.7a/src/command.c:6598:42: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (index=0; index<(int)strlen(workingDir); index++)
data/mrbayes-3.2.7a/src/command.c:6603:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(workingDir) > 0 && workingDir[strlen(workingDir)-1] != '\\')
data/mrbayes-3.2.7a/src/command.c:6603:58: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(workingDir) > 0 && workingDir[strlen(workingDir)-1] != '\\')
data/mrbayes-3.2.7a/src/command.c:6604:21: [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(workingDir,"\\");
data/mrbayes-3.2.7a/src/command.c:6607:42: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (index=0; index<(int)strlen(workingDir); index++)
data/mrbayes-3.2.7a/src/command.c:6612:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(workingDir) > 0 && workingDir[strlen(workingDir)-1] != '/')
data/mrbayes-3.2.7a/src/command.c:6612:58: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(workingDir) > 0 && workingDir[strlen(workingDir)-1] != '/')
data/mrbayes-3.2.7a/src/command.c:6613:21: [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(workingDir,"/");
data/mrbayes-3.2.7a/src/command.c:7091:25: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  nameLen = (int) strlen(taxaNames[i]);
data/mrbayes-3.2.7a/src/command.c:7113:29: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  nameLen = (int) strlen(tempStr);
data/mrbayes-3.2.7a/src/command.c:7254:17: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(tkn)>99)
data/mrbayes-3.2.7a/src/command.c:7418:17: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(tkn) > 99)
data/mrbayes-3.2.7a/src/command.c:7495:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(tkn) == 1 && tkn[0] == '.')
data/mrbayes-3.2.7a/src/command.c:7712:17: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(tkn) > 99)
data/mrbayes-3.2.7a/src/command.c:7795:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(tkn) == 1 && !strcmp(tkn, "."))
data/mrbayes-3.2.7a/src/command.c:7911:18: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((int)strlen(tempName) > maxLen)
data/mrbayes-3.2.7a/src/command.c:7912:28: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  maxLen = (int) strlen(tempName);
data/mrbayes-3.2.7a/src/command.c:7967:25: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  nameLen = (int) strlen(tempName);
data/mrbayes-3.2.7a/src/command.c:8215:9: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (t->name, tkn, 99);
data/mrbayes-3.2.7a/src/command.c:8367:65: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  t->bSetName[t->nBSets-1] = (char *) SafeCalloc (strlen(tkn)+1, sizeof(char));
data/mrbayes-3.2.7a/src/command.c:8827:69: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  t->eSetName[t->nESets-1] = (char *) SafeCalloc (strlen(tempNameString)+1,sizeof(char));
data/mrbayes-3.2.7a/src/command.c:8832:69: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  t->bSetName[t->nBSets-1] = (char *) SafeCalloc (strlen(tempNameString)+1,sizeof(char));
data/mrbayes-3.2.7a/src/command.c:8837:62: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  t->popSizeSetName = (char *) SafeCalloc (strlen(tempNameString)+1,sizeof(char));
data/mrbayes-3.2.7a/src/command.c:9028:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = (int) strlen (text);
data/mrbayes-3.2.7a/src/command.c:9038:37: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  dupstring = SafeMalloc (strlen (command) + 1);
data/mrbayes-3.2.7a/src/command.c:9055:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tkLen = (int) strlen(tk);
data/mrbayes-3.2.7a/src/command.c:9060:27: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  targetLen = (int) strlen(p->string);
data/mrbayes-3.2.7a/src/command.c:9103:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tkLen = (int) strlen(tk);
data/mrbayes-3.2.7a/src/command.c:9109:27: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  targetLen = (int) strlen(q->string);
data/mrbayes-3.2.7a/src/command.c:10192:13: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (tempString, constraintNames[i], 22);
data/mrbayes-3.2.7a/src/command.c:10317:25: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (tempString, taxaNames[i], 22);
data/mrbayes-3.2.7a/src/command.c:10319:25: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (tempString, constraintNames[i-numTaxa], 22);
data/mrbayes-3.2.7a/src/command.c:13525:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tkLen = (int) strlen(tk);
data/mrbayes-3.2.7a/src/command.c:13533:31: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  targetLen = (int) strlen(tempStr);
data/mrbayes-3.2.7a/src/command.c:13616:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(s1) != strlen(s2))
data/mrbayes-3.2.7a/src/command.c:13616:23: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(s1) != strlen(s2))
data/mrbayes-3.2.7a/src/command.c:13621:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(s1) > strlen(s2))
data/mrbayes-3.2.7a/src/command.c:13621:22: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(s1) > strlen(s2))
data/mrbayes-3.2.7a/src/command.c:13622:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = (int) strlen(s2);
data/mrbayes-3.2.7a/src/command.c:13624:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = (int) strlen(s1);
data/mrbayes-3.2.7a/src/command.c:13783:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(token) > 0 || tokenType == ALPHA)
data/mrbayes-3.2.7a/src/command.c:13898:94: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  spacer, token, commandPtr->string, tokenP - cmdStr - strlen(token)+1);
data/mrbayes-3.2.7a/src/command.c:13966:17: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy (spacer, "");
data/mrbayes-3.2.7a/src/command.c:14357:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(transFrom[i])>99)
data/mrbayes-3.2.7a/src/command.c:14862:5: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy (st, "");
data/mrbayes-3.2.7a/src/mcmc.c:420:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len1 = strlen(printString);
data/mrbayes-3.2.7a/src/mcmc.c:421:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len2 = strlen(tempStr);
data/mrbayes-3.2.7a/src/mcmc.c:2484:18: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  do { c = fgetc(tempFile);
data/mrbayes-3.2.7a/src/mcmc.c:2488:22: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  do { c = fgetc(tempFile);
data/mrbayes-3.2.7a/src/mcmc.c:2493:22: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  do { c = fgetc(tempFile);
data/mrbayes-3.2.7a/src/mcmc.c:2502:21: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c = fgetc(tempFile);
data/mrbayes-3.2.7a/src/mcmc.c:2509:22: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  do { c = fgetc(tempFile);
data/mrbayes-3.2.7a/src/mcmc.c:3558:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(tempStr)>99)
data/mrbayes-3.2.7a/src/mcmc.c:3562:71: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  MrBayesPrint ("%s has %d characters.\n", spacer,strlen(tempStr));
data/mrbayes-3.2.7a/src/mcmc.c:10612:5: [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat (bkupName, "~");
data/mrbayes-3.2.7a/src/mcmc.c:11239:9: [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat (bkupFileName, "~");
data/mrbayes-3.2.7a/src/mcmc.c:11241:9: [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat (oldBkupFileName, "~");
data/mrbayes-3.2.7a/src/mcmc.c:11324:9: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(printString,"");
data/mrbayes-3.2.7a/src/mcmc.c:11424:9: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy (printString, "");
data/mrbayes-3.2.7a/src/mcmc.c:11425:9: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy (tempString, "");
data/mrbayes-3.2.7a/src/mcmc.c:11495:9: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy (printString, "");
data/mrbayes-3.2.7a/src/mcmc.c:11496:9: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy (tempString, "");
data/mrbayes-3.2.7a/src/mcmc.c:11534:13: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy (printString, "");
data/mrbayes-3.2.7a/src/mcmc.c:11535:13: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy (tempString, "");
data/mrbayes-3.2.7a/src/mcmc.c:11576:13: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
Risk is low because the source is a constant character.
  strcpy (printString, "");
data/mrbayes-3.2.7a/src/mcmc.c:11577:13: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy (tempString, "");
data/mrbayes-3.2.7a/src/mcmc.c:11616:13: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy (printString, "");
data/mrbayes-3.2.7a/src/mcmc.c:11617:13: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy (tempString, "");
data/mrbayes-3.2.7a/src/mcmc.c:11710:9: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy (printString, "");
data/mrbayes-3.2.7a/src/mcmc.c:11711:9: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy (tempString, "");
data/mrbayes-3.2.7a/src/mcmc.c:11748:9: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy (printString, "");
data/mrbayes-3.2.7a/src/mcmc.c:11749:9: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy (tempString, "");
data/mrbayes-3.2.7a/src/mcmc.c:12056:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = (int)strlen(printString);
data/mrbayes-3.2.7a/src/mcmc.c:12065:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (nErrors == 0 && proc_id == 0 && len+5 > strlen(s))
data/mrbayes-3.2.7a/src/mcmc.c:12212:25: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  inputChar = getchar();
data/mrbayes-3.2.7a/src/mcmc.c:13361:21: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy (printString, "");
data/mrbayes-3.2.7a/src/mcmc.c:13480:25: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy (printString, "");
data/mrbayes-3.2.7a/src/mcmc.c:13616:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  maxLen = (int) strlen(tempStr);
data/mrbayes-3.2.7a/src/mcmc.c:13633:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = (int) strlen(tempStr);
data/mrbayes-3.2.7a/src/mcmc.c:13661:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = (int) strlen(tempStr);
data/mrbayes-3.2.7a/src/mcmc.c:13672:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = (int) strlen(tempStr);
data/mrbayes-3.2.7a/src/mcmc.c:13707:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = (int) strlen(tempStr);
data/mrbayes-3.2.7a/src/mcmc.c:13710:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = (int) strlen(tempStr);
data/mrbayes-3.2.7a/src/mcmc.c:13837:5: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  getchar();
data/mrbayes-3.2.7a/src/mcmc.c:13875:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  maxLen = (int) strlen(tempStr);
data/mrbayes-3.2.7a/src/mcmc.c:13900:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = (int) strlen(tempStr);
data/mrbayes-3.2.7a/src/mcmc.c:13925:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = (int) strlen(tempStr);
data/mrbayes-3.2.7a/src/mcmc.c:13935:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = (int) strlen(tempStr);
data/mrbayes-3.2.7a/src/mcmc.c:15361:39: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  } while ((c = fgetc(fp)) != '\r' && c != '\n');
data/mrbayes-3.2.7a/src/mcmc.c:15366:33: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while ((c = fgetc(fp)) == '\r' || c == '\n')
data/mrbayes-3.2.7a/src/mcmc.c:15382:26: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  do { c = fgetc(fp);
data/mrbayes-3.2.7a/src/mcmc.c:15928:9: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(bkupName,"~");
data/mrbayes-3.2.7a/src/mcmc.c:15936:55: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((fpParm[n] = OpenNewMBPrintFile (fileName+strlen(workingDir))) == NULL)
data/mrbayes-3.2.7a/src/mcmc.c:15938:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if (CopyResults(fpParm[n],bkupName+strlen(workingDir),numPreviousGen) == ERROR)
data/mrbayes-3.2.7a/src/mcmc.c:15952:13: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(bkupName,"~");
data/mrbayes-3.2.7a/src/mcmc.c:15959:62: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((fpTree[n][i] = OpenNewMBPrintFile (fileName+strlen(workingDir))) == NULL)
data/mrbayes-3.2.7a/src/mcmc.c:15961:60: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if (CopyTreeResults(fpTree[n][i],bkupName+strlen(workingDir),numPreviousGen,numSamples) == ERROR)
data/mrbayes-3.2.7a/src/mcmc.c:15971:9: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(bkupName,"~");
data/mrbayes-3.2.7a/src/mcmc.c:15978:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((fpSS = OpenNewMBPrintFile (fileName+strlen(workingDir))) == NULL)
data/mrbayes-3.2.7a/src/mcmc.c:15980:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if (CopyProcessSsFile(fpSS,bkupName+strlen(workingDir),steps,marginalLnLSS,splitfreqSS)==ERROR)
data/mrbayes-3.2.7a/src/mcmc.c:15989:9: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(bkupName,"~");
data/mrbayes-3.2.7a/src/mcmc.c:15996:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((fpMcmc = OpenNewMBPrintFile (fileName+strlen(workingDir))) == NULL)
data/mrbayes-3.2.7a/src/mcmc.c:15998:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if (CopyResults(fpMcmc,bkupName+strlen(workingDir),numPreviousGen)==ERROR)
data/mrbayes-3.2.7a/src/mcmc.c:17369:21: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat (bkupFileName, "~");
data/mrbayes-3.2.7a/src/mcmc.c:18710:5: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  getchar();
data/mrbayes-3.2.7a/src/mcmc.c:18944:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  spacer[strlen(spacer) - 3] = '\0';
data/mrbayes-3.2.7a/src/model.c:499:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  nameLength = (int) (strlen (moveType->shortName) + strlen (param->name)) + 10;
data/mrbayes-3.2.7a/src/model.c:499:60: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  nameLength = (int) (strlen (moveType->shortName) + strlen (param->name)) + 10;
data/mrbayes-3.2.7a/src/model.c:509:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  nameLength = (int) (strlen (moveType->shortName) + strlen (moveType->paramName) + strlen (partitionDescriptor)) + 10;
data/mrbayes-3.2.7a/src/model.c:509:60: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  nameLength = (int) (strlen (moveType->shortName) + strlen (moveType->paramName) + strlen (partitionDescriptor)) + 10;
data/mrbayes-3.2.7a/src/model.c:509:91: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  nameLength = (int) (strlen (moveType->shortName) + strlen (moveType->paramName) + strlen (partitionDescriptor)) + 10;
data/mrbayes-3.2.7a/src/model.c:515:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  nameLength += (int)(strlen(param->subParams[i]->name)) + 1;
data/mrbayes-3.2.7a/src/model.c:576:17: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(temp->name,",");
data/mrbayes-3.2.7a/src/model.c:580:9: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat (temp->name,")");
data/mrbayes-3.2.7a/src/model.c:2347:5: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  getchar();
data/mrbayes-3.2.7a/src/model.c:2630:5: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  getchar();
data/mrbayes-3.2.7a/src/model.c:3858:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = (int) strlen(headerNames[i]);
data/mrbayes-3.2.7a/src/model.c:4157:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (i=0; i<(int)strlen(localTkn); i++)
data/mrbayes-3.2.7a/src/model.c:4163:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (k=0; k<(int)strlen(temp); k++)
data/mrbayes-3.2.7a/src/model.c:4165:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strncmp(localTkn,temp,strlen(localTkn)) == 0)
data/mrbayes-3.2.7a/src/model.c:4171:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strncmp(localTkn,"prob",strlen(localTkn)) == 0)
data/mrbayes-3.2.7a/src/model.c:4176:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if (strncmp(localTkn,"targetrate",strlen(localTkn)) == 0)
data/mrbayes-3.2.7a/src/model.c:4231:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  j=(int)strlen(localTkn);
data/mrbayes-3.2.7a/src/model.c:4241:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (k=0; k<(int)strlen(temp); k++)
data/mrbayes-3.2.7a/src/model.c:4243:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strncmp(temp,localTkn,strlen(localTkn)) == 0)
data/mrbayes-3.2.7a/src/model.c:7934:25: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(modelParams[i].treeAgePr.name, "(");
data/mrbayes-3.2.7a/src/model.c:8026:25: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(modelParams[i].treeAgePr.name, ",");
data/mrbayes-3.2.7a/src/model.c:8036:25: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
Risk is low because the source is a constant character.
  strcat(modelParams[i].treeAgePr.name, ")");
data/mrbayes-3.2.7a/src/model.c:10596:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (i=0; i<(int)strlen(tempName); i++)
data/mrbayes-3.2.7a/src/model.c:10605:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (k=0; k<(int)(strlen(temp)); k++)
data/mrbayes-3.2.7a/src/model.c:10621:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (k=0; k<(int)strlen(temp); k++)
data/mrbayes-3.2.7a/src/model.c:10623:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strncmp(tempName,temp,strlen(tempName)) == 0)
data/mrbayes-3.2.7a/src/model.c:12194:25: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  getchar();
data/mrbayes-3.2.7a/src/model.c:12850:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((int)strlen(treeName) > 99)
data/mrbayes-3.2.7a/src/model.c:12857:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (i=0; i<(int)strlen(localName); i++)
data/mrbayes-3.2.7a/src/model.c:12864:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (k=0; k<(int)strlen(temp); k++)
data/mrbayes-3.2.7a/src/model.c:12877:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (k=0; k<(int)strlen(temp); k++)
data/mrbayes-3.2.7a/src/model.c:12879:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strncmp(localName,temp,strlen(localName)) == 0)
data/mrbayes-3.2.7a/src/model.c:15503:9: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  getchar();
data/mrbayes-3.2.7a/src/model.c:18819:33: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat (tempCodon, "A");
data/mrbayes-3.2.7a/src/model.c:18821:33: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat (tempCodon, "C");
data/mrbayes-3.2.7a/src/model.c:18823:33: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat (tempCodon, "G");
data/mrbayes-3.2.7a/src/model.c:18825:33: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat (tempCodon, "T");
data/mrbayes-3.2.7a/src/model.c:23568:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  printedCol = (int)(strlen(spacer)) + 25 + 10;
data/mrbayes-3.2.7a/src/model.c:23574:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  printedCol = (int)(strlen(spacer)) + 25 + 10;
data/mrbayes-3.2.7a/src/model.c:23915:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  printedCol = (int)(strlen(spacer)) + 25 + (int)(strlen(p->subParams[k]->name));
data/mrbayes-3.2.7a/src/model.c:23915:73: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  printedCol = (int)(strlen(spacer)) + 25 + (int)(strlen(p->subParams[k]->name));
data/mrbayes-3.2.7a/src/model.c:23921:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if (printedCol + (int)(strlen(p->subParams[k]->name)) + 5 > screenWidth)
data/mrbayes-3.2.7a/src/model.c:23929:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (printedCol + (int)(strlen(p->subParams[k]->name)) + 2 > screenWidth)
data/mrbayes-3.2.7a/src/model.c:23932:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  printedCol = (int)(strlen(spacer)) + 25;
data/mrbayes-3.2.7a/src/model.c:23940:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  printedCol += (int)strlen(p->subParams[k]->name);
data/mrbayes-3.2.7a/src/model.c:23999:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  printedCol = (int)(strlen(spacer)) + 25;
data/mrbayes-3.2.7a/src/model.c:24011:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  printedCol += 9 + (int)strlen(mv->name) + (int)(log10(mv->relProposalProb[chainIndex])) + 3;
data/mrbayes-3.2.7a/src/model.c:24015:57: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (printedCol + 11 + (int)(strlen(mv->name)) + (int)(log10(mv->relProposalProb[chainIndex])) + 3 > screenWidth)
data/mrbayes-3.2.7a/src/model.c:24018:57: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  printedCol = 25 + (int)(strlen(spacer));
data/mrbayes-3.2.7a/src/model.c:24026:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  printedCol += (9 + (int)(strlen(mv->name)) + (int)(log10(mv->relProposalProb[chainIndex])) + 3);
data/mrbayes-3.2.7a/src/model.c:24079:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  printedCol = (int)(strlen(spacer)) + 25;
data/mrbayes-3.2.7a/src/model.c:24081:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if (printedCol + 2 + (int)(strlen(mv->moveType->shortName)) > screenWidth)
data/mrbayes-3.2.7a/src/model.c:24084:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  printedCol = (int)(strlen(spacer)) + 25;
data/mrbayes-3.2.7a/src/model.c:24092:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  printedCol += (int)strlen(mv->moveType->shortName);
data/mrbayes-3.2.7a/src/proposal.c:814:9: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  getchar();
data/mrbayes-3.2.7a/src/proposal.c:1802:5: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  getchar();
data/mrbayes-3.2.7a/src/proposal.c:2334:5: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  getchar();
data/mrbayes-3.2.7a/src/proposal.c:2678:5: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  getchar();
data/mrbayes-3.2.7a/src/proposal.c:2685:5: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  getchar();
data/mrbayes-3.2.7a/src/proposal.c:2758:5: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  getchar();
data/mrbayes-3.2.7a/src/proposal.c:3213:5: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  getchar();
data/mrbayes-3.2.7a/src/proposal.c:3220:5: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  getchar();
data/mrbayes-3.2.7a/src/proposal.c:3273:5: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  getchar();
data/mrbayes-3.2.7a/src/proposal.c:3851:5: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  getchar();
data/mrbayes-3.2.7a/src/proposal.c:4144:5: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  getchar();
data/mrbayes-3.2.7a/src/proposal.c:4152:5: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  getchar();
data/mrbayes-3.2.7a/src/proposal.c:4631:5: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  getchar();
data/mrbayes-3.2.7a/src/proposal.c:5016:5: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  getchar();
data/mrbayes-3.2.7a/src/proposal.c:5023:5: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  getchar();
data/mrbayes-3.2.7a/src/proposal.c:5845:5: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  getchar();
data/mrbayes-3.2.7a/src/proposal.c:6070:5: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  getchar();
data/mrbayes-3.2.7a/src/proposal.c:6075:5: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  getchar();
data/mrbayes-3.2.7a/src/proposal.c:6638:5: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  getchar();
data/mrbayes-3.2.7a/src/proposal.c:6855:9: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  getchar();
data/mrbayes-3.2.7a/src/proposal.c:6973:5: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  getchar();
data/mrbayes-3.2.7a/src/proposal.c:6978:5: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  getchar();
data/mrbayes-3.2.7a/src/proposal.c:7037:5: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  getchar();
data/mrbayes-3.2.7a/src/proposal.c:7248:9: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  getchar();
data/mrbayes-3.2.7a/src/proposal.c:7343:5: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  getchar();
data/mrbayes-3.2.7a/src/proposal.c:7348:5: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  getchar();
data/mrbayes-3.2.7a/src/proposal.c:7622:5: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  getchar();
data/mrbayes-3.2.7a/src/proposal.c:7790:5: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  getchar();
data/mrbayes-3.2.7a/src/proposal.c:7794:5: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  getchar();
data/mrbayes-3.2.7a/src/proposal.c:8069:5: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  getchar();
data/mrbayes-3.2.7a/src/proposal.c:8319:5: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  getchar();
data/mrbayes-3.2.7a/src/proposal.c:9504:5: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  getchar();
data/mrbayes-3.2.7a/src/proposal.c:10074:5: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  getchar();
data/mrbayes-3.2.7a/src/proposal.c:10152:5: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  getchar();
data/mrbayes-3.2.7a/src/proposal.c:10530:5: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  getchar();
data/mrbayes-3.2.7a/src/proposal.c:10534:5: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  getchar();
data/mrbayes-3.2.7a/src/proposal.c:11903:5: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  getchar();
data/mrbayes-3.2.7a/src/proposal.c:12428:5: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  getchar();
data/mrbayes-3.2.7a/src/proposal.c:14740:9: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  getchar();
data/mrbayes-3.2.7a/src/sumpt.c:289:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = (int) strlen(headerNames[i]);
data/mrbayes-3.2.7a/src/sumpt.c:335:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (temp, sumpParams.sumpOutfile, 90);
data/mrbayes-3.2.7a/src/sumpt.c:342:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(stamp) > 1) data/mrbayes-3.2.7a/src/sumpt.c:508:5: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy (spacer, ""); data/mrbayes-3.2.7a/src/sumpt.c:524:5: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy (spacer, ""); data/mrbayes-3.2.7a/src/sumpt.c:635:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = (int) strlen(headerNames[i]); data/mrbayes-3.2.7a/src/sumpt.c:1037:5: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy (spacer, ""); data/mrbayes-3.2.7a/src/sumpt.c:1059:5: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy (spacer, ""); data/mrbayes-3.2.7a/src/sumpt.c:1102:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(tkn)>99 && (strchr(tkn,' ')-tkn) > 99) data/mrbayes-3.2.7a/src/sumpt.c:1127:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strlen(tkn)>99 && (strchr(tkn,' ')-tkn) > 99) data/mrbayes-3.2.7a/src/sumpt.c:1353:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(tkn)>99 && (strchr(tkn,' ')-tkn) > 99) data/mrbayes-3.2.7a/src/sumpt.c:1639:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(sumpParams.sumpFileName) > 2) data/mrbayes-3.2.7a/src/sumpt.c:1641:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s = sumpParams.sumpFileName + (int) strlen(sumpParams.sumpFileName) - 2; data/mrbayes-3.2.7a/src/sumpt.c:1985:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = (int) strlen(temp); data/mrbayes-3.2.7a/src/sumpt.c:1998:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (temp, fileName, 90); data/mrbayes-3.2.7a/src/sumpt.c:2005:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(stamp) > 1) data/mrbayes-3.2.7a/src/sumpt.c:2122:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). j2 = (int)(strlen(headerNames[i]) + 2 + strlen(modelElementNames[j][j1])); data/mrbayes-3.2.7a/src/sumpt.c:2122:61: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
j2 = (int)(strlen(headerNames[i]) + 2 + strlen(modelElementNames[j][j1])); data/mrbayes-3.2.7a/src/sumpt.c:2138:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (temp,fileName,90); data/mrbayes-3.2.7a/src/sumpt.c:2146:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(stamp) > 1) data/mrbayes-3.2.7a/src/sumpt.c:2482:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = (int) strlen(temp); data/mrbayes-3.2.7a/src/sumpt.c:2495:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (tempf, fileName, 90); data/mrbayes-3.2.7a/src/sumpt.c:2502:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(stamp) > 1) data/mrbayes-3.2.7a/src/sumpt.c:3248:9: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy (t->nodes[i].label, ""); data/mrbayes-3.2.7a/src/sumpt.c:4391:9: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy (spacer, ""); data/mrbayes-3.2.7a/src/sumpt.c:4689:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if ((int)strlen(stamp) > 1) data/mrbayes-3.2.7a/src/sumpt.c:5195:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = (int) strlen (taxaNames[k]); data/mrbayes-3.2.7a/src/sumpt.c:5528:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = i + (int)(strlen(treeName)) + 2; /* length of length{m}[n] or height{m}[n] */ data/mrbayes-3.2.7a/src/sumpt.c:5533:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = (int) strlen(sumtParams.tree->bSetName[j]) + 7 + i; data/mrbayes-3.2.7a/src/sumpt.c:5539:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = (int) strlen(sumtParams.tree->eSetName[j]) + 8 + i; data/mrbayes-3.2.7a/src/sumpt.c:5545:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = (int) strlen(sumtParams.tree->popSizeSetName) + i; data/mrbayes-3.2.7a/src/sumpt.c:5585:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tempStrLength=(int)strlen(tempStr); data/mrbayes-3.2.7a/src/sumpt.c:5604:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
tempStrLength=(int)strlen(tempStr); data/mrbayes-3.2.7a/src/sumpt.c:5623:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tempStrLength=(int)strlen(tempStr); data/mrbayes-3.2.7a/src/sumpt.c:5643:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tempStrLength=(int)strlen(tempStr); data/mrbayes-3.2.7a/src/sumpt.c:5656:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tempStrLength=(int)strlen(tempStr); data/mrbayes-3.2.7a/src/sumpt.c:5672:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tempStrLength=(int)strlen(tempStr); data/mrbayes-3.2.7a/src/sumpt.c:5691:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tempStrLength=(int)strlen(tempStr); data/mrbayes-3.2.7a/src/sumpt.c:5864:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(tkn)>99) data/mrbayes-3.2.7a/src/sumpt.c:5868:71: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). MrBayesPrint ("%s has %d characters.\n", spacer,strlen(tkn)); data/mrbayes-3.2.7a/src/sumpt.c:6500:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strlen(p->label)>99) data/mrbayes-3.2.7a/src/sumpt.c:6528:66: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sumtParams.popSizeSetName = (char *) SafeCalloc (strlen(t->popSizeSetName)+1, sizeof(char)); data/mrbayes-3.2.7a/src/sumpt.c:6954:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = (int)(strlen(p->label)) + 4 + (int)(log10(index+1)); data/mrbayes-3.2.7a/src/sumpt.c:6956:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = (int)(strlen(p->label)); data/mrbayes-3.2.7a/src/sumpt.c:6969:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((int)strlen(p->label) > nameLength) data/mrbayes-3.2.7a/src/sumpt.c:7069:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = (int) strlen (stamp); data/mrbayes-3.2.7a/src/sumpt.c:7215:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = (int) strlen (stamp); data/mrbayes-3.2.7a/src/sumpt.c:7671:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = (int) strlen(tempStr); data/mrbayes-3.2.7a/src/sumpt.c:7711:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
len = (int) strlen(tempStr); data/mrbayes-3.2.7a/src/sumpt.c:7977:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). width = (int) strlen (temp); data/mrbayes-3.2.7a/src/sumpt.c:8199:65: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). from = (int)(from + 1.5 + ((to - from - 1 - strlen(temp)) / 2.0)); data/mrbayes-3.2.7a/src/sumpt.c:8227:69: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). from = (int)(from + 1.5 + ((to - from - 1 - strlen(temp)) / 2.0)); data/mrbayes-3.2.7a/src/utils.c:311:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (strCpy,strBuf,longestLine); data/mrbayes-3.2.7a/src/utils.c:350:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (strCpy,strBuf,longestLine); data/mrbayes-3.2.7a/src/utils.c:422:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (strCpy,strBuf,longestLine); data/mrbayes-3.2.7a/src/utils.c:801:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(token) > strlen(expected)) data/mrbayes-3.2.7a/src/utils.c:801:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strlen(token) > strlen(expected)) data/mrbayes-3.2.7a/src/utils.c:804:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = (int) strlen (token); data/mrbayes-3.2.7a/src/utils.c:909:18: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((ch = getc(fp)) != EOF) data/mrbayes-3.2.7a/src/utils.c:918:32: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (((nextCh = getc(fp)) == EOF) || (nextCh != '\n')) data/mrbayes-3.2.7a/src/utils.c:939:10: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ch = fgetc(fp); data/mrbayes-3.2.7a/src/utils.c:944:18: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ch = fgetc(fp); data/mrbayes-3.2.7a/src/utils.c:950:23: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((ch = fgetc(fp)) == '\n') data/mrbayes-3.2.7a/src/utils.c:954:22: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ch = fgetc(fp); data/mrbayes-3.2.7a/src/utils.c:963:22: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ch = fgetc(fp); data/mrbayes-3.2.7a/src/utils.c:1290:5: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(fileName, name, 199 - strlen(fileName)); data/mrbayes-3.2.7a/src/utils.c:1290:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
strncat(fileName, name, 199 - strlen(fileName)); data/mrbayes-3.2.7a/src/utils.c:1308:5: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(fileName, name, 199 - strlen(fileName)); data/mrbayes-3.2.7a/src/utils.c:1308:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(fileName, name, 199 - strlen(fileName)); data/mrbayes-3.2.7a/src/utils.c:1326:5: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(fileName, name, 199 - strlen(fileName)); data/mrbayes-3.2.7a/src/utils.c:1326:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(fileName, name, 199 - strlen(fileName)); data/mrbayes-3.2.7a/src/utils.c:1343:5: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(fileName, name, 199 - strlen(fileName)); data/mrbayes-3.2.7a/src/utils.c:1343:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(fileName, name, 199 - strlen(fileName)); data/mrbayes-3.2.7a/src/utils.c:1361:5: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. 
strncat(fileName, name, 199 - strlen(fileName)); data/mrbayes-3.2.7a/src/utils.c:1361:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(fileName, name, 199 - strlen(fileName)); data/mrbayes-3.2.7a/src/utils.c:1598:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *target = (char *) SafeCalloc (strlen (source) + 1, sizeof (char)); data/mrbayes-3.2.7a/src/utils.c:1602:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (strlen (source) + strlen (*target) + data/mrbayes-3.2.7a/src/utils.c:1602:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (strlen (source) + strlen (*target) + data/mrbayes-3.2.7a/src/utils.c:1616:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *target = (char *) SafeCalloc (strlen (source) + 1, sizeof (char)); data/mrbayes-3.2.7a/src/utils.c:1620:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (strlen (source) + 1) * sizeof (char)); data/mrbayes-3.2.7a/src/utils.c:1696:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strlen(s) < strlen(t)) data/mrbayes-3.2.7a/src/utils.c:1696:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(s) < strlen(t)) data/mrbayes-3.2.7a/src/utils.c:1697:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). minLen = (int) strlen(s); data/mrbayes-3.2.7a/src/utils.c:1699:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). minLen = (int) strlen(t); data/mrbayes-3.2.7a/src/utils.c:1748:5: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(fileName, name, 99 - strlen(fileName)); data/mrbayes-3.2.7a/src/utils.c:1748:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(fileName, name, 99 - strlen(fileName)); data/mrbayes-3.2.7a/src/utils.c:1811:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s[strlen(s)-1] = '\0'; data/mrbayes-3.2.7a/src/utils.c:1897:5: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(pt->name,""); data/mrbayes-3.2.7a/src/utils.c:2004:5: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy (t->name, ""); data/mrbayes-3.2.7a/src/utils.c:2074:5: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy (t->name, ""); data/mrbayes-3.2.7a/src/utils.c:3086:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). to->bSetName[i] = (char *) SafeCalloc (strlen(from->bSetName[i])+2, sizeof(char)); data/mrbayes-3.2.7a/src/utils.c:3094:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). to->eSetName[i] = (char *) SafeCalloc (strlen(from->eSetName[i])+2, sizeof(char)); data/mrbayes-3.2.7a/src/utils.c:3120:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). to->popSizeSetName = (char *) SafeCalloc (strlen(from->popSizeSetName) + 1, sizeof(char)); data/mrbayes-3.2.7a/src/utils.c:4292:5: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getchar(); data/mrbayes-3.2.7a/src/utils.c:5158:9: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getchar(); data/mrbayes-3.2.7a/src/utils.c:6242:5: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. 
strcpy (p->label,"");

ANALYSIS SUMMARY:

Hits = 1110
Lines analyzed = 117411 in approximately 3.37 seconds (34834 lines/second)
Physical Source Lines of Code (SLOC) = 95553
Hits@level = [0] 651 [1] 343 [2] 468 [3] 1 [4] 298 [5] 0
Hits@level+ = [0+] 1761 [1+] 1110 [2+] 767 [3+] 299 [4+] 298 [5+] 0
Hits/KSLOC@level+ = [0+] 18.4296 [1+] 11.6166 [2+] 8.02696 [3+] 3.12915 [4+] 3.11869 [5+] 0
Dot directories skipped = 2 (--followdotdir overrides)
Minimum risk level = 1

Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.