Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/ncview-2.1.8+ds/x_interface.c
Examining data/ncview-2.1.8+ds/src/utCalendar2_cal.h
Examining data/ncview-2.1.8+ds/src/colormaps_hotres.h
Examining data/ncview-2.1.8+ds/src/epic_time.c
Examining data/ncview-2.1.8+ds/src/overlay.c
Examining data/ncview-2.1.8+ds/src/SciPlot.h
Examining data/ncview-2.1.8+ds/src/do_buttons.c
Examining data/ncview-2.1.8+ds/src/udu.c
Examining data/ncview-2.1.8+ds/src/colormaps_jet.h
Examining data/ncview-2.1.8+ds/src/colormaps_manga.h
Examining data/ncview-2.1.8+ds/src/colormaps_wheel.h
Examining data/ncview-2.1.8+ds/src/ncview.defines.h
Examining data/ncview-2.1.8+ds/src/colormaps_jaisnc.h
Examining data/ncview-2.1.8+ds/src/colormaps_helix2.h
Examining data/ncview-2.1.8+ds/src/qsort.c
Examining data/ncview-2.1.8+ds/src/colormaps_helix.h
Examining data/ncview-2.1.8+ds/src/colormaps_roullet.h
Examining data/ncview-2.1.8+ds/src/colormaps_extrema.h
Examining data/ncview-2.1.8+ds/src/colormaps_jaisnb.h
Examining data/ncview-2.1.8+ds/src/do_print.c
Examining data/ncview-2.1.8+ds/src/colormaps_banded.h
Examining data/ncview-2.1.8+ds/src/colormaps_detail.h
Examining data/ncview-2.1.8+ds/src/colormaps_blue_red.h
Examining data/ncview-2.1.8+ds/src/colormaps_jaisnd.h
Examining data/ncview-2.1.8+ds/src/ncview.protos.h
Examining data/ncview-2.1.8+ds/src/ncview.includes.h
Examining data/ncview-2.1.8+ds/src/colormaps_rainbow.h
Examining data/ncview-2.1.8+ds/src/colormaps_jaison.h
Examining data/ncview-2.1.8+ds/src/ncview.bitmaps.h
Examining data/ncview-2.1.8+ds/src/colormaps_jaisn2.h
Examining data/ncview-2.1.8+ds/src/colormaps_ssec.h
Examining data/ncview-2.1.8+ds/src/SciPlot.c
Examining data/ncview-2.1.8+ds/src/colormaps_blu_red.h
Examining data/ncview-2.1.8+ds/src/colormaps_3saw.h
Examining data/ncview-2.1.8+ds/src/overlay_usa.h
Examining data/ncview-2.1.8+ds/src/colormaps_bright.h
Examining data/ncview-2.1.8+ds/src/handle_rc_file.c
Examining data/ncview-2.1.8+ds/src/calcalcs.h
Examining data/ncview-2.1.8+ds/src/overlay_coasts_p8deg.h
Examining data/ncview-2.1.8+ds/src/colormaps_3gauss.h
Examining data/ncview-2.1.8+ds/src/overlay_coasts_p08deg.h
Examining data/ncview-2.1.8+ds/src/utCalendar2_cal.c
Examining data/ncview-2.1.8+ds/src/colormaps_default.h
Examining data/ncview-2.1.8+ds/src/interface/open_circle_bitmap.h
Examining data/ncview-2.1.8+ds/src/interface/fallback_resources.h
Examining data/ncview-2.1.8+ds/src/interface/helvR08.h
Examining data/ncview-2.1.8+ds/src/interface/cbar.c
Examining data/ncview-2.1.8+ds/src/interface/plot_range.c
Examining data/ncview-2.1.8+ds/src/interface/RadioWidget.c
Examining data/ncview-2.1.8+ds/src/interface/closed_circle_bitmap.h
Examining data/ncview-2.1.8+ds/src/interface/dataedit.c
Examining data/ncview-2.1.8+ds/src/interface/utils.c
Examining data/ncview-2.1.8+ds/src/interface/set_options.c
Examining data/ncview-2.1.8+ds/src/interface/display_info.c
Examining data/ncview-2.1.8+ds/src/interface/widgets.h
Examining data/ncview-2.1.8+ds/src/interface/printer_options.c
Examining data/ncview-2.1.8+ds/src/interface/plot_xy.c
Examining data/ncview-2.1.8+ds/src/interface/filesel.c
Examining data/ncview-2.1.8+ds/src/interface/range.c
Examining data/ncview-2.1.8+ds/src/interface/RadioWidget.h
Examining data/ncview-2.1.8+ds/src/interface/colormap_funcs.c
Examining data/ncview-2.1.8+ds/src/interface/interface.c
Examining data/ncview-2.1.8+ds/src/interface/make_tc_data.c
Examining data/ncview-2.1.8+ds/src/interface/x_interface.c
Examining data/ncview-2.1.8+ds/src/SciPlotP.h
Examining data/ncview-2.1.8+ds/src/geteuid.c
Examining data/ncview-2.1.8+ds/src/colormaps_bw.h
Examining data/ncview-2.1.8+ds/src/calcalcs.c
Examining data/ncview-2.1.8+ds/src/file.c
Examining data/ncview-2.1.8+ds/src/util.c
Examining data/ncview-2.1.8+ds/src/stringlist.c
Examining data/ncview-2.1.8+ds/src/stringlist.h
Examining data/ncview-2.1.8+ds/src/file_netcdf.c
Examining data/ncview-2.1.8+ds/src/view.c
Examining data/ncview-2.1.8+ds/src/ncview.c
FINAL RESULTS:
data/ncview-2.1.8+ds/src/SciPlot.c:232:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(new->plot.xlabel,new->plot.TransientXLabel);
data/ncview-2.1.8+ds/src/SciPlot.c:234:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(new->plot.ylabel,new->plot.TransientYLabel);
data/ncview-2.1.8+ds/src/SciPlot.c:236:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(new->plot.plotTitle,new->plot.TransientPlotTitle);
data/ncview-2.1.8+ds/src/SciPlot.c:332:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(new->plot.xlabel,new->plot.TransientXLabel);
data/ncview-2.1.8+ds/src/SciPlot.c:338:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(new->plot.ylabel,new->plot.TransientYLabel);
data/ncview-2.1.8+ds/src/SciPlot.c:344:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(new->plot.plotTitle,new->plot.TransientPlotTitle);
data/ncview-2.1.8+ds/src/SciPlot.c:517:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(temp,pfd->PostScript);
data/ncview-2.1.8+ds/src/SciPlot.c:1613:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(item->kind.text.text,text);
data/ncview-2.1.8+ds/src/SciPlot.c:1657:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(item->kind.text.text,text);
data/ncview-2.1.8+ds/src/SciPlot.c:1830:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p->legend,legend);
data/ncview-2.1.8+ds/src/SciPlot.c:2345:3: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(label,160,numberformat,val);
data/ncview-2.1.8+ds/src/SciPlot.c:2364:3: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(label,160,numberformat,val);
data/ncview-2.1.8+ds/src/SciPlot.c:2378:3: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(label,160,numberformat,val);
data/ncview-2.1.8+ds/src/SciPlot.c:2726:3: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(label,512,numberformat,val*w->plot.x.Scalefact);
data/ncview-2.1.8+ds/src/SciPlot.c:2784:4: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(label,512,numberformat,val*w->plot.x.Scalefact);
data/ncview-2.1.8+ds/src/SciPlot.c:2803:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(label,512,numberformat,val*w->plot.y.Scalefact);
data/ncview-2.1.8+ds/src/SciPlot.c:2861:3: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(label,512,numberformat,val*w->plot.y.Scalefact);
data/ncview-2.1.8+ds/src/SciPlot.c:2993:3: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(label,16,numberformat,tic);
data/ncview-2.1.8+ds/src/calcalcs.c:142:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( retval->name, calname );
data/ncview-2.1.8+ds/src/calcalcs.c:186:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( retval->name, calname );
data/ncview-2.1.8+ds/src/calcalcs.c:226:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( retval->name, calname );
data/ncview-2.1.8+ds/src/calcalcs.c:250:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( retval->name, calname );
data/ncview-2.1.8+ds/src/calcalcs.c:271:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( retval->name, calname );
data/ncview-2.1.8+ds/src/calcalcs.c:313:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( retval->name, calname );
data/ncview-2.1.8+ds/src/calcalcs.c:354:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( error_message, "ccs_isleap: year %d is out of range for the %s calendar; dates must not be before 4713 B.C.", year, calendar->name );
data/ncview-2.1.8+ds/src/calcalcs.c:471:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( error_message, "ccs_date2jday: date %04d-%02d-%02d is not a valid date in the %s calendar; it falls between the last date the %s calendar was used (%04d-%02d-%02d) and the first date the %s calendar was used (%04d-%02d-%02d)",
data/ncview-2.1.8+ds/src/calcalcs.c:487:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( error_message, "date2jday passed an date that is invalid in the %s calendar: %04d-%02d-%02d",
data/ncview-2.1.8+ds/src/calcalcs.c:519:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( error_message, "ccs_date2doy: date %04d-%02d-%02d is not a valid date in the %s calendar; it falls between the last date the %s calendar was used (%04d-%02d-%02d) and the first date the %s calendar was used (%04d-%02d-%02d)",
data/ncview-2.1.8+ds/src/calcalcs.c:630:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( error_message, "year %d in the %s calendar (with transition date %04d-%02d-%02d) has less than %d days, but that was the day-of-year number requested in a call to ccs_doy2date\n",
data/ncview-2.1.8+ds/src/calcalcs.c:652:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( error_message, "routine ccs_doy2date was passed a day-of-year=%d, but for year %d in the %s calendar, the value must be between 1 and %d",
data/ncview-2.1.8+ds/src/calcalcs.c:703:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( error_message, "ccs_dayssince: date %04d-%02d-%02d is not a valid date in the %s calendar; it falls between the last date the %s calendar was used (%04d-%02d-%02d) and the first date the %s calendar was used (%04d-%02d-%02d)",
data/ncview-2.1.8+ds/src/calcalcs.c:763:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( ccs_xition_dates[ccs_n_country_codes]->code, code );
data/ncview-2.1.8+ds/src/calcalcs.c:771:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( ccs_xition_dates[ccs_n_country_codes]->longname, longname );
data/ncview-2.1.8+ds/src/calcalcs.c:857:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( error_message, "ccs_get_xition_date: unknown calendar country/region code: \"%s\". Known codes: ", country_code );
data/ncview-2.1.8+ds/src/calcalcs.c:860:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat( error_message, ccs_xition_dates[i]->code );
data/ncview-2.1.8+ds/src/calcalcs.c:862:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat( error_message, ccs_xition_dates[i]->longname );
data/ncview-2.1.8+ds/src/calcalcs.c:1602:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( error_message, "Failed to turn the mixed calendar transition day %04d-%02d-%02d in the %s calendar into a Julian day!\n",
data/ncview-2.1.8+ds/src/calcalcs.c:1612:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( error_message, "Failed to turn the day BEFORE the mixed calendar transition day of %04d-%02d-%02d into a date while using calendar %s! %s\n",
data/ncview-2.1.8+ds/src/do_print.c:88:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( printopts.font_name, FONT_NAME );
data/ncview-2.1.8+ds/src/do_print.c:236:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat( tstr, main_units );
data/ncview-2.1.8+ds/src/do_print.c:252:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( tstr, x_dim_longname );
data/ncview-2.1.8+ds/src/do_print.c:255:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat( tstr, x_units );
data/ncview-2.1.8+ds/src/do_print.c:265:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( tstr, y_dim_longname );
data/ncview-2.1.8+ds/src/do_print.c:268:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat( tstr, y_units );
data/ncview-2.1.8+ds/src/do_print.c:321:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat( tstr, y_units );
data/ncview-2.1.8+ds/src/do_print.c:343:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat( tstr, units );
data/ncview-2.1.8+ds/src/do_print.c:358:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat( tstr, fdb->filename );
data/ncview-2.1.8+ds/src/do_print.c:365:34: [4] (misc) getlogin:
It's often easy to fool getlogin. Sometimes it does not work at all,
because some program messed up the utmp file. Often, it gives only the
first 8 characters of the login name. The user currently logged in on the
controlling tty of our program need not be the user who started it. Avoid
getlogin() for security-related purposes (CWE-807). Use getpwuid(geteuid())
and extract the desired information instead.
snprintf( tstr, 1499, "%s %s", getlogin(), ctime(&sec_since_1970) );
data/ncview-2.1.8+ds/src/do_print.c:390:11: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
istat = system( tstr );
data/ncview-2.1.8+ds/src/file_netcdf.c:188:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( grp_var_name, var_name );
data/ncview-2.1.8+ds/src/file_netcdf.c:191:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat( grp_var_name, groupname );
data/ncview-2.1.8+ds/src/file_netcdf.c:193:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat( grp_var_name, var_name );
data/ncview-2.1.8+ds/src/file_netcdf.c:691:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( varname_sans_groups, varname );
data/ncview-2.1.8+ds/src/file_netcdf.c:695:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( varname_sans_groups, varname+idx_slash[nslash-1]+1 );
data/ncview-2.1.8+ds/src/interface/colormap_funcs.c:98:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( newel->name, el->name );
data/ncview-2.1.8+ds/src/interface/colormap_funcs.c:274:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( cm_name, sl->string+5 );
data/ncview-2.1.8+ds/src/interface/colormap_funcs.c:391:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( cmaplist->name, name );
data/ncview-2.1.8+ds/src/interface/dataedit.c:197:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( line,
data/ncview-2.1.8+ds/src/interface/dataedit.c:202:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( line, list->string );
data/ncview-2.1.8+ds/src/interface/dataedit.c:213:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( *(list_text+list->list_index), line );
data/ncview-2.1.8+ds/src/interface/filesel.c:299:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( retval_buf, tstr );
data/ncview-2.1.8+ds/src/interface/filesel.c:306:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( retval_buf, tstr );
data/ncview-2.1.8+ds/src/interface/filesel.c:310:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat( retval_buf, tstr );
data/ncview-2.1.8+ds/src/interface/filesel.c:404:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( *(s+i++), sl->string );
data/ncview-2.1.8+ds/src/interface/printer_options.c:177:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( po->font_name, tstr2 );
data/ncview-2.1.8+ds/src/interface/printer_options.c:187:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( po->out_file_name, tstr2 );
data/ncview-2.1.8+ds/src/interface/range.c:464:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( tstr, widget_str );
data/ncview-2.1.8+ds/src/interface/range.c:488:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( tstr, widget_str );
data/ncview-2.1.8+ds/src/interface/set_options.c:609:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( overlay_filename, filename );
data/ncview-2.1.8+ds/src/interface/x_interface.c:1261:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( temp, tag );
data/ncview-2.1.8+ds/src/interface/x_interface.c:3065:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( ret_string, XawDialogGetValueString( error_popupdialog_widget ));
data/ncview-2.1.8+ds/src/ncview.c:204:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( options.calendar, argv[i+1] );
data/ncview-2.1.8+ds/src/ncview.c:333:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( bufr, argv[i]+n+1 );
data/ncview-2.1.8+ds/src/overlay.c:164:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( overlay_base_dir, NCVIEW_LIB_DIR );
data/ncview-2.1.8+ds/src/overlay.c:175:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( overlay_base_dir, dir );
data/ncview-2.1.8+ds/src/stringlist.c:218:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( (char *)(new_el->aux), (char *)aux );
data/ncview-2.1.8+ds/src/stringlist.c:539:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( new_el->string, new_string );
data/ncview-2.1.8+ds/src/udu.c:286:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( ul_new->name, units );
data/ncview-2.1.8+ds/src/udu.c:302:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( ul_new->name, units );
data/ncview-2.1.8+ds/src/utCalendar2_cal.c:222:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( prev_calendar, cal2use->name );
data/ncview-2.1.8+ds/src/utCalendar2_cal.c:225:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( prev_dataunits_str, dataunits_str );
data/ncview-2.1.8+ds/src/utCalendar2_cal.c:415:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( prev_calendar, cal2use->name );
data/ncview-2.1.8+ds/src/utCalendar2_cal.c:418:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( prev_user_unit_str, user_unit_str );
data/ncview-2.1.8+ds/src/utCalendar2_cal.c:684:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( known_cal_name[new_index], name );
data/ncview-2.1.8+ds/src/utCalendar2_cal.c:774:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( unknown_cal_emitted_warning_for[ n_unkcal ], calendar_name );
data/ncview-2.1.8+ds/src/util.c:432:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( new_fdb->filename, filename );
data/ncview-2.1.8+ds/src/util.c:447:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( new_var->name, var_name );
data/ncview-2.1.8+ds/src/util.c:962:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( orig_coord_att, coord_att );
data/ncview-2.1.8+ds/src/util.c:1049:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( tmi->coord_var_name, coord_var_name );
data/ncview-2.1.8+ds/src/util.c:1094:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( map_info->coord_att, coord_att );
data/ncview-2.1.8+ds/src/util.c:1107:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( map_info->coord_var_name, coord_var_name );
data/ncview-2.1.8+ds/src/util.c:2384:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( groupname, varname );
data/ncview-2.1.8+ds/src/util.c:2401:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( ts, varname );
data/ncview-2.1.8+ds/src/util.c:2404:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( groupname, ts+idx_slash[nslash-1]+1 );
data/ncview-2.1.8+ds/src/util.c:2410:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( groupname, ts );
data/ncview-2.1.8+ds/src/util.c:2421:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( groupname, ts+i0 );
data/ncview-2.1.8+ds/src/view.c:544:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat( view_place, temp_string );
data/ncview-2.1.8+ds/src/view.c:547:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat( view_place, temp_string );
data/ncview-2.1.8+ds/src/view.c:550:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat( view_place, temp_string );
data/ncview-2.1.8+ds/src/view.c:555:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat( view_place, temp_string );
data/ncview-2.1.8+ds/src/view.c:565:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat( view_place, temp_string );
data/ncview-2.1.8+ds/src/view.c:568:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat( view_place, temp_string );
data/ncview-2.1.8+ds/src/view.c:573:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat( view_place, temp_string );
data/ncview-2.1.8+ds/src/view.c:1337:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( scan_dim, dim_list->string );
data/ncview-2.1.8+ds/src/view.c:2303:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat( str, tstr );
data/ncview-2.1.8+ds/src/view.c:2307:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat( str, tstr );
data/ncview-2.1.8+ds/src/view.c:2885:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat( x_axis_title, units );
data/ncview-2.1.8+ds/src/view.c:2915:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat( y_axis_title, units );
data/ncview-2.1.8+ds/src/view.c:2927:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat( title, file_title );
data/ncview-2.1.8+ds/src/handle_rc_file.c:78:12: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
homedir = getenv( "HOME" );
data/ncview-2.1.8+ds/src/handle_rc_file.c:161:12: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
homedir = getenv( "HOME" );
data/ncview-2.1.8+ds/src/interface/cbar.c:501:34: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char filename[132], *font_dir, *getenv(), *DEFAULT_FONT_DIR=".";
data/ncview-2.1.8+ds/src/interface/cbar.c:507:14: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
font_dir = getenv( "TITLE_FONT_DIR" );
data/ncview-2.1.8+ds/src/ncview.c:437:28: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
ncview_base_dir = (char *)getenv( "NCVIEWBASE" );
data/ncview-2.1.8+ds/src/ncview.c:439:29: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
ncview_base_dir = (char *)getenv( "HOME" );
data/ncview-2.1.8+ds/src/overlay.c:157:16: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
dir = (char *)getenv( "NCVIEWBASE" );
data/ncview-2.1.8+ds/src/SciPlot.c:510:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[128];
data/ncview-2.1.8+ds/src/SciPlot.c:522:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(temp,"-Bold");
data/ncview-2.1.8+ds/src/SciPlot.c:527:28: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (pfd->PSUsesOblique) strcat(temp,"Oblique");
data/ncview-2.1.8+ds/src/SciPlot.c:528:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
else strcat(temp,"Italic");
data/ncview-2.1.8+ds/src/SciPlot.c:531:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(temp,"-Roman");
data/ncview-2.1.8+ds/src/SciPlot.c:573:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[256],**list;
data/ncview-2.1.8+ds/src/SciPlot.c:637:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str,"fixed");
data/ncview-2.1.8+ds/src/SciPlot.c:1234:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fontname[128];
data/ncview-2.1.8+ds/src/SciPlot.c:1236:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(fd = fopen(filename, "w"))) {
data/ncview-2.1.8+ds/src/SciPlot.c:1297:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/ncview-2.1.8+ds/src/SciPlot.c:2325:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char numberformat[160],label[160];
data/ncview-2.1.8+ds/src/SciPlot.c:2695:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char numberformat[16],label[512],tlabel[512];
data/ncview-2.1.8+ds/src/SciPlot.c:2960:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char numberformat[160],label[16];
data/ncview-2.1.8+ds/src/calcalcs.c:59:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char error_message[CCS_ERROR_MESSAGE_LEN];
data/ncview-2.1.8+ds/src/calcalcs.c:293:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy( retval->name, "noleap" );
data/ncview-2.1.8+ds/src/calcalcs.c:861:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat( error_message, " (" );
data/ncview-2.1.8+ds/src/calcalcs.c:863:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat( error_message, ") " );
data/ncview-2.1.8+ds/src/calcalcs.c:925:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( error_message, "no error from calcalcs routines version %f", CALCALCS_VERSION_NUMBER );
data/ncview-2.1.8+ds/src/calcalcs.c:928:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( error_message, "a NULL calendar was passed to the calcalcs routine" );
data/ncview-2.1.8+ds/src/calcalcs.c:931:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( error_message, "an invalid, malformed, previously-freed, or uninitialized calendar was passed to the calcalcs routine" );
data/ncview-2.1.8+ds/src/calcalcs.c:944:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( error_message, "the Julian calendar has no year 0" );
data/ncview-2.1.8+ds/src/calcalcs.c:969:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( error_message, "the Gregorian calendar has no year 0. Use the \"Gregorian_y0\" calendar if you want to include year 0." );
data/ncview-2.1.8+ds/src/calcalcs.c:1012:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( error_message, "date %04d-%02d-%02d does not exist in the Gregorian calendar",
data/ncview-2.1.8+ds/src/calcalcs.c:1018:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( error_message, "year 0 does not exist in the Gregorian calendar. Use the \"Gregorian_y0\" calendar if you want to include year 0" );
data/ncview-2.1.8+ds/src/calcalcs.c:1024:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( error_message, "year %d is out of range of the Gregorian calendar routines; must have year >= -4714", year );
data/ncview-2.1.8+ds/src/calcalcs.c:1074:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( error_message, "date %04d-%02d-%02d does not exist in the Gregorian calendar",
data/ncview-2.1.8+ds/src/calcalcs.c:1081:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( error_message, "year %d is out of range of the Gregorian calendar routines; must have year >= -4714", year );
data/ncview-2.1.8+ds/src/calcalcs.c:1233:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( error_message, "date %04d-%02d-%02d does not exist in the Julian calendar",
data/ncview-2.1.8+ds/src/calcalcs.c:1239:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( error_message, "year 0 does not exist in the Julian calendar" );
data/ncview-2.1.8+ds/src/calcalcs.c:1245:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( error_message, "year %d is out of range of the Julian calendar routines; must have year >= -4713", year );
data/ncview-2.1.8+ds/src/calcalcs.c:1429:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( error_message, "date %04d-%02d-%02d does not exist in the 360_day calendar",
data/ncview-2.1.8+ds/src/calcalcs.c:1445:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( error_message, "date %04d-%02d-%02d does not exist in the noleap calendar",
data/ncview-2.1.8+ds/src/calcalcs.c:1510:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( error_message, "month %d does not exist in the Gregorian calendar", month );
data/ncview-2.1.8+ds/src/calcalcs.c:1532:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( error_message, "month %d does not exist in the Gregorian calendar", month );
data/ncview-2.1.8+ds/src/calcalcs.c:1553:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( error_message, "month %d does not exist in the Julian calendar", month );
data/ncview-2.1.8+ds/src/calcalcs.c:1572:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( error_message, "month %d does not exist in the 360_day calendar", month );
data/ncview-2.1.8+ds/src/calcalcs.c:1585:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( error_message, "month %d does not exist in the noleap calendar", month );
data/ncview-2.1.8+ds/src/do_print.c:102:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outfname[1024], tstr[1500];
data/ncview-2.1.8+ds/src/do_print.c:121:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy( printopts.out_file_name, "/tmp/ncview.XXXXXX" );
data/ncview-2.1.8+ds/src/do_print.c:122:15: [2] (tmpfile) mkstemp:
Potential for temporary file vulnerability in some circumstances. Some
older Unix-like systems create temp files with permission to write by all
by default, so be sure to set the umask to override this. Also, some older
Unix systems might fail to use O_EXCL when opening the file, so make sure
that O_EXCL is used by the library (CWE-377).
outfid = mkstemp( printopts.out_file_name );
data/ncview-2.1.8+ds/src/do_print.c:128:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if( (outf = fopen(printopts.out_file_name, "a" )) == NULL ) {
data/ncview-2.1.8+ds/src/do_print.c:140:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if( (outf = fopen(printopts.out_file_name, "w" )) == NULL ) {
data/ncview-2.1.8+ds/src/do_print.c:202:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *units, *x_dim_name, *x_dim_longname,
data/ncview-2.1.8+ds/src/do_print.c:235:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat( tstr, " (" );
data/ncview-2.1.8+ds/src/do_print.c:254:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat( tstr, " (" );
data/ncview-2.1.8+ds/src/do_print.c:267:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat( tstr, " (" );
data/ncview-2.1.8+ds/src/do_print.c:357:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat( tstr, "File " );
data/ncview-2.1.8+ds/src/do_print.c:383:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if( (f_dummy = fopen( printopts.out_file_name, "r" )) == NULL ) {
data/ncview-2.1.8+ds/src/epic_time.c:90:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char months[12][4] = { "Jan\0", "Feb\0", "Mar\0", "Apr\0",
data/ncview-2.1.8+ds/src/file_netcdf.c:301:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char var_name_ng[MAX_NC_NAME];
data/ncview-2.1.8+ds/src/file_netcdf.c:351:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char var_name_nogroups[MAX_NC_NAME];
data/ncview-2.1.8+ds/src/file_netcdf.c:396:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char var_name_nogroups[MAX_NC_NAME];
data/ncview-2.1.8+ds/src/file_netcdf.c:439:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *dim_name, var_name_ng[MAX_NC_NAME];
data/ncview-2.1.8+ds/src/file_netcdf.c:483:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char var_name_ng[MAX_NC_NAME];
data/ncview-2.1.8+ds/src/file_netcdf.c:553:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char var_name_ng[MAX_NC_NAME];
data/ncview-2.1.8+ds/src/file_netcdf.c:679:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ts[MAX_NC_NAME];
data/ncview-2.1.8+ds/src/file_netcdf.c:705:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char groupname[MAX_NC_NAME], varname_sans_groups[MAX_NC_NAME], cur_gid_groupname[MAX_NC_NAME];
data/ncview-2.1.8+ds/src/file_netcdf.c:779:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char var_name[MAX_NC_NAME];
data/ncview-2.1.8+ds/src/file_netcdf.c:808:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char var_name[MAX_NC_NAME];
data/ncview-2.1.8+ds/src/file_netcdf.c:863:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char att_name[MAX_NC_NAME], var_name[MAX_NC_NAME];
data/ncview-2.1.8+ds/src/file_netcdf.c:946:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *ret_val, var_name_ng[MAX_NC_NAME];
data/ncview-2.1.8+ds/src/file_netcdf.c:1023:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char var_name[256];
data/ncview-2.1.8+ds/src/file_netcdf.c:1103:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char var_name[MAX_NC_NAME];
data/ncview-2.1.8+ds/src/file_netcdf.c:1216:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
c = (unsigned char *)boundvals[i];
data/ncview-2.1.8+ds/src/file_netcdf.c:1252:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dummy_var_name[ MAX_NC_NAME ], var_name_ng[MAX_NC_NAME], unlimdim_name[MAX_NC_NAME];
data/ncview-2.1.8+ds/src/file_netcdf.c:1556:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char var_name_ng[MAX_NC_NAME];
data/ncview-2.1.8+ds/src/file_netcdf.c:1668:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dim_name2[MAX_NC_NAME];
data/ncview-2.1.8+ds/src/file_netcdf.c:1744:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char att_name[MAX_NC_NAME], dummy_var_name[MAX_NC_NAME];
data/ncview-2.1.8+ds/src/file_netcdf.c:1745:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *data, *ret_string, line[2000];
data/ncview-2.1.8+ds/src/file_netcdf.c:1822:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char att_name[MAX_NC_NAME];
data/ncview-2.1.8+ds/src/file_netcdf.c:1823:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *data, *ret_string, line[2000];
data/ncview-2.1.8+ds/src/file_netcdf.c:1988:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buffer[MAX_NC_NAME];
data/ncview-2.1.8+ds/src/file_netcdf.c:2001:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buffer[MAX_NC_NAME];
data/ncview-2.1.8+ds/src/handle_rc_file.c:55:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_fname[2000], final_fname[2000];
data/ncview-2.1.8+ds/src/handle_rc_file.c:95:11: [2] (tmpfile) mkstemp:
Potential for temporary file vulnerability in some circumstances. Some
older Unix-like systems create temp files with permission to write by all
by default, so be sure to set the umask to override this. Also, some older
Unix systems might fail to use O_EXCL when opening the file, so make sure
that O_EXCL is used by the library (CWE-377).
outfid = mkstemp( tmp_fname );
data/ncview-2.1.8+ds/src/handle_rc_file.c:104:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if( (outf = fopen( tmp_fname, "a" )) == NULL ) {
data/ncview-2.1.8+ds/src/handle_rc_file.c:147:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char final_fname[2000];
data/ncview-2.1.8+ds/src/handle_rc_file.c:175:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if( (fin = fopen(final_fname, "r")) == NULL ) {
data/ncview-2.1.8+ds/src/interface/cbar.c:112:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tstr[1024];
data/ncview-2.1.8+ds/src/interface/cbar.c:271:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[132];
data/ncview-2.1.8+ds/src/interface/cbar.c:301:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char input_line[132];
data/ncview-2.1.8+ds/src/interface/cbar.c:468:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[132];
data/ncview-2.1.8+ds/src/interface/cbar.c:501:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[132], *font_dir, *getenv(), *DEFAULT_FONT_DIR=".";
data/ncview-2.1.8+ds/src/interface/cbar.c:505:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if( (font_file = fopen( filename, "r" )) == NULL )
data/ncview-2.1.8+ds/src/interface/cbar.c:518:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
font_file = fopen( filename, "r" );
data/ncview-2.1.8+ds/src/interface/colormap_funcs.c:220:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cm_name[1000];
data/ncview-2.1.8+ds/src/interface/colormap_funcs.c:362:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void x_create_colormap( char *name, unsigned char r[256], unsigned char g[256], unsigned char b[256] )
data/ncview-2.1.8+ds/src/interface/colormap_funcs.c:362:46: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void x_create_colormap( char *name, unsigned char r[256], unsigned char g[256], unsigned char b[256] )
data/ncview-2.1.8+ds/src/interface/colormap_funcs.c:362:68: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void x_create_colormap( char *name, unsigned char r[256], unsigned char g[256], unsigned char b[256] )
data/ncview-2.1.8+ds/src/interface/colormap_funcs.c:362:90: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void x_create_colormap( char *name, unsigned char r[256], unsigned char g[256], unsigned char b[256] )
data/ncview-2.1.8+ds/src/interface/colormap_funcs.c:371:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sl_cmap_name[1020];
data/ncview-2.1.8+ds/src/interface/colormap_funcs.c:738:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmap_name_ext[1024]; /* "extended" because it has a "CMAP_" prepended */
data/ncview-2.1.8+ds/src/interface/dataedit.c:188:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[132];
data/ncview-2.1.8+ds/src/interface/display_info.c:57:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char window_title[132];
data/ncview-2.1.8+ds/src/interface/filesel.c:43:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char retval_buf[2048];
data/ncview-2.1.8+ds/src/interface/filesel.c:278:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *tstr, orig_dir[1024];
data/ncview-2.1.8+ds/src/interface/filesel.c:384:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[2048];
data/ncview-2.1.8+ds/src/interface/interface.c:169:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
in_create_colormap( char *colormap_name, unsigned char r[256],
data/ncview-2.1.8+ds/src/interface/interface.c:169:51: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
in_create_colormap( char *colormap_name, unsigned char r[256],
data/ncview-2.1.8+ds/src/interface/interface.c:170:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char g[256], unsigned char b[256] )
data/ncview-2.1.8+ds/src/interface/interface.c:170:35: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char g[256], unsigned char b[256] )
data/ncview-2.1.8+ds/src/interface/plot_range.c:66:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char plot_range_min_string[128], plot_range_max_string[128],
data/ncview-2.1.8+ds/src/interface/plot_xy.c:72:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *pXY_colorname[MAX_LINES_PER_PLOT] = {"red", "white", "blue",
data/ncview-2.1.8+ds/src/interface/plot_xy.c:461:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[1024];
data/ncview-2.1.8+ds/src/interface/plot_xy.c:477:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if( (f = fopen( filename, "w" )) == NULL ) {
data/ncview-2.1.8+ds/src/interface/plot_xy.c:491:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/ncview-2.1.8+ds/src/interface/plot_xy.c:493:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy( filename, "ncview.ps" );
data/ncview-2.1.8+ds/src/interface/printer_options.c:91:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tstr[1024], *tstr2;
data/ncview-2.1.8+ds/src/interface/range.c:92:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char range_min_string[128], range_max_string[128],
data/ncview-2.1.8+ds/src/interface/range.c:397:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tstr[132], *sptr;
data/ncview-2.1.8+ds/src/interface/range.c:425:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tstr[100];
data/ncview-2.1.8+ds/src/interface/set_options.c:46:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char overlay_filename[ OVERLAY_FILENAME_LEN ];
data/ncview-2.1.8+ds/src/interface/set_options.c:131:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char error_message[ 2040 ];
data/ncview-2.1.8+ds/src/interface/set_options.c:281:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmap_widget_name[1024];
data/ncview-2.1.8+ds/src/interface/set_options.c:599:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *filename, overlay_base_dir[1024];
data/ncview-2.1.8+ds/src/interface/set_options.c:1026:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char error_message[ 2040 ];
data/ncview-2.1.8+ds/src/interface/x_interface.c:457:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char program_title[132];
data/ncview-2.1.8+ds/src/interface/x_interface.c:1257:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[1024], widget_name[1024], var_menu_name[1024];
data/ncview-2.1.8+ds/src/interface/x_interface.c:1313:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char widget_name[2048];
data/ncview-2.1.8+ds/src/interface/x_interface.c:1411:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char widget_name[2048];
data/ncview-2.1.8+ds/src/interface/x_interface.c:1479:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char widget_name[128];
data/ncview-2.1.8+ds/src/interface/x_interface.c:2562:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char new_label[ 132 ];
data/ncview-2.1.8+ds/src/interface/x_interface.c:2861:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char widget_name[ 64 ];
data/ncview-2.1.8+ds/src/interface/x_interface.c:3096:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp_label[132];
data/ncview-2.1.8+ds/src/interface/x_interface.c:3170:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char widget_name[128];
data/ncview-2.1.8+ds/src/interface/x_interface.c:3667:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[2048];
data/ncview-2.1.8+ds/src/interface/x_interface.c:3682:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if( (out_file = fopen( filename, "wb" )) == NULL ) {
data/ncview-2.1.8+ds/src/ncview.c:161:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bufr[1000], *comma_ptr;
data/ncview-2.1.8+ds/src/ncview.c:203:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
options.calendar = (char *)malloc( strlen(argv[i+1] + 2));
data/ncview-2.1.8+ds/src/ncview.c:548:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char r[256], g[256], b[256];
data/ncview-2.1.8+ds/src/ncview.c:569:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[ 128 ], *long_file_name;
data/ncview-2.1.8+ds/src/ncview.c:570:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char r[256], g[256], b[256];
data/ncview-2.1.8+ds/src/ncview.c:593:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if( (cmap_file = fopen( long_file_name, "r" )) == NULL ) {
data/ncview-2.1.8+ds/src/ncview.defines.h:556:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char font_name[132], /* Postscript name */
data/ncview-2.1.8+ds/src/ncview.protos.h:164:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void in_create_colormap ( char *name, ncv_pixel r[256], ncv_pixel g[256], ncv_pixel b[256] );
data/ncview-2.1.8+ds/src/ncview.protos.h:413:26: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void x_create_colormap( char *name, unsigned char r[256], unsigned char g[256], unsigned char b[256] );
data/ncview-2.1.8+ds/src/ncview.protos.h:413:47: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void x_create_colormap( char *name, unsigned char r[256], unsigned char g[256], unsigned char b[256] );
data/ncview-2.1.8+ds/src/ncview.protos.h:413:69: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void x_create_colormap( char *name, unsigned char r[256], unsigned char g[256], unsigned char b[256] );
data/ncview-2.1.8+ds/src/ncview.protos.h:413:91: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void x_create_colormap( char *name, unsigned char r[256], unsigned char g[256], unsigned char b[256] );
data/ncview-2.1.8+ds/src/overlay.c:193:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cval[1024];
data/ncview-2.1.8+ds/src/overlay.c:315:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char err_mess[1024], line[80], *id_string="NCVIEW-OVERLAY";
data/ncview-2.1.8+ds/src/overlay.c:323:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if( (f = fopen(overlay_fname, "r")) == NULL ) {
data/ncview-2.1.8+ds/src/stringlist.c:557:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[4001];
data/ncview-2.1.8+ds/src/stringlist.c:623:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[4001];
data/ncview-2.1.8+ds/src/stringlist.c:669:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char t_index[4000], t_string[4000], t_aux_type[4000], t_aux_val[4000],
data/ncview-2.1.8+ds/src/udu.c:115:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cval0[1024], cval1[1024];
data/ncview-2.1.8+ds/src/udu.c:212:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char last_units[1024];
data/ncview-2.1.8+ds/src/udu.c:213:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char months[12][4] = { "Jan\0", "Feb\0", "Mar\0", "Apr\0",
data/ncview-2.1.8+ds/src/utCalendar2_cal.c:73:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *unknown_cal_emitted_warning_for[ UTC2_MAX_UNKCAL_WARNS ];
data/ncview-2.1.8+ds/src/utCalendar2_cal.c:462:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char daystr[1024];
data/ncview-2.1.8+ds/src/utCalendar2_cal.c:492:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char daystr[1024];
data/ncview-2.1.8+ds/src/utCalendar2_cal.c:560:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ustr[1024];
data/ncview-2.1.8+ds/src/util.c:69:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *month_name[12] = { "Jan", "Feb", "Mar", "Apr", "May", "Jun",
data/ncview-2.1.8+ds/src/util.c:156:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy( (*el)->filename, "UNINITIALIZED" );
data/ncview-2.1.8+ds/src/util.c:212:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char error_message[1024];
data/ncview-2.1.8+ds/src/util.c:760:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp_string[ 1024 ];
data/ncview-2.1.8+ds/src/util.c:940:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *coord_att, *s, orig_coord_att[1024];
data/ncview-2.1.8+ds/src/util.c:1540:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp_str[1024];
data/ncview-2.1.8+ds/src/util.c:2081:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[1024];
data/ncview-2.1.8+ds/src/util.c:2083:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if( (f = fopen(fname, "r")) == NULL )
data/ncview-2.1.8+ds/src/util.c:2126:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp_string[128];
data/ncview-2.1.8+ds/src/util.c:2323:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char group_name[ MAX_NC_NAME*20 ]; /* Assume no more than 20 levels of groups */
data/ncview-2.1.8+ds/src/util.c:2370:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ts[MAX_NC_NAME];
data/ncview-2.1.8+ds/src/view.c:370:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scalar_coord_str[1024];
data/ncview-2.1.8+ds/src/view.c:509:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp_string[1024], view_place[1024], scalar_coord_str[1024];
data/ncview-2.1.8+ds/src/view.c:552:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat( view_place, " -> " );
data/ncview-2.1.8+ds/src/view.c:570:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat( view_place, " -> " );
data/ncview-2.1.8+ds/src/view.c:759:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[1024], rate_units[50];
data/ncview-2.1.8+ds/src/view.c:825:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy( rate_units, "/sec" );
data/ncview-2.1.8+ds/src/view.c:829:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy( rate_units, "/min" );
data/ncview-2.1.8+ds/src/view.c:833:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy( rate_units, "/hour" );
data/ncview-2.1.8+ds/src/view.c:838:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy( rate_units, "/day" );
data/ncview-2.1.8+ds/src/view.c:1169:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char blowup_label[32];
data/ncview-2.1.8+ds/src/view.c:1251:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp_string[1024];
data/ncview-2.1.8+ds/src/view.c:1329:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scan_dim[256];
data/ncview-2.1.8+ds/src/view.c:1567:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp_label[4096], extra_label[4096];
data/ncview-2.1.8+ds/src/view.c:1644:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char err_message[132];
data/ncview-2.1.8+ds/src/view.c:1966:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char range_label[256], temp_label[256];
data/ncview-2.1.8+ds/src/view.c:2065:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp_string[1024], *dim_name;
data/ncview-2.1.8+ds/src/view.c:2147:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char current_value_label[80], temp_string[1024];
data/ncview-2.1.8+ds/src/view.c:2148:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char xdim_str[80], ydim_str[80];
data/ncview-2.1.8+ds/src/view.c:2243:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *funits, tstr[1024], v1[100], v2[100];
data/ncview-2.1.8+ds/src/view.c:2297:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat( tstr, "; " );
data/ncview-2.1.8+ds/src/view.c:2318:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char current_value_label[80], temp[80];
data/ncview-2.1.8+ds/src/view.c:2530:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[132], *dim_name, *var_name;
data/ncview-2.1.8+ds/src/view.c:2539:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy( filename, "dump.data" );
data/ncview-2.1.8+ds/src/view.c:2682:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[1024];
data/ncview-2.1.8+ds/src/view.c:2737:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char x_axis_title[132], y_axis_title[132], temp2_string[128], legend[512];
data/ncview-2.1.8+ds/src/view.c:2738:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char title[512], *file_title, temp_string[128], *dim_name, *units, *long_name;
data/ncview-2.1.8+ds/src/view.c:2739:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[512];
data/ncview-2.1.8+ds/src/view.c:2884:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat( x_axis_title, " (" );
data/ncview-2.1.8+ds/src/view.c:2914:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat( y_axis_title, " (" );
data/ncview-2.1.8+ds/src/view.c:2926:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat( title, " from " );
data/ncview-2.1.8+ds/src/view.c:2938:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat( legend, ", " );
data/ncview-2.1.8+ds/src/view.c:2942:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat( legend, ") = (" );
data/ncview-2.1.8+ds/src/view.c:2947:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat( legend, ", " );
data/ncview-2.1.8+ds/src/SciPlot.c:231:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
new->plot.xlabel=(char *)XtMalloc(strlen(new->plot.TransientXLabel)+1);
data/ncview-2.1.8+ds/src/SciPlot.c:233:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
new->plot.ylabel=(char *)XtMalloc(strlen(new->plot.TransientYLabel)+1);
data/ncview-2.1.8+ds/src/SciPlot.c:235:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
new->plot.plotTitle=(char *)XtMalloc(strlen(new->plot.TransientPlotTitle)+1);
data/ncview-2.1.8+ds/src/SciPlot.c:331:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
new->plot.xlabel=(char *)XtMalloc(strlen(new->plot.TransientXLabel)+1);
data/ncview-2.1.8+ds/src/SciPlot.c:337:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
new->plot.ylabel=(char *)XtMalloc(strlen(new->plot.TransientYLabel)+1);
data/ncview-2.1.8+ds/src/SciPlot.c:343:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
new->plot.plotTitle=(char *)XtMalloc(strlen(new->plot.TransientPlotTitle)+1);
data/ncview-2.1.8+ds/src/SciPlot.c:526:15: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if (!bold) strcat(temp,"-");
data/ncview-2.1.8+ds/src/SciPlot.c:534:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( (strlen(temp) + strlen("/ findfont 999999999 scalefont ")) > str_len ) {
data/ncview-2.1.8+ds/src/SciPlot.c:534:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( (strlen(temp) + strlen("/ findfont 999999999 scalefont ")) > str_len ) {
data/ncview-2.1.8+ds/src/SciPlot.c:714:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return (real)XTextWidth(f,c,strlen(c));
data/ncview-2.1.8+ds/src/SciPlot.c:795:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
str,strlen(str));
data/ncview-2.1.8+ds/src/SciPlot.c:1303:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len=strlen(titles);
data/ncview-2.1.8+ds/src/SciPlot.c:1610:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
item->kind.text.length=strlen(text);
data/ncview-2.1.8+ds/src/SciPlot.c:1654:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
item->kind.text.length=strlen(text);
data/ncview-2.1.8+ds/src/SciPlot.c:1829:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p->legend=(char *)XtMalloc(strlen(legend)+1);
data/ncview-2.1.8+ds/src/calcalcs.c:126:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( (strlen(calname) >= 11) && (calname[8] == '_')) {
data/ncview-2.1.8+ds/src/calcalcs.c:141:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
retval->name = (char *)malloc( sizeof(char) * (strlen(calname)+1) );
data/ncview-2.1.8+ds/src/calcalcs.c:185:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
retval->name = (char *)malloc( sizeof(char) * (strlen(calname)+1) );
data/ncview-2.1.8+ds/src/calcalcs.c:225:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
retval->name = (char *)malloc( sizeof(char) * (strlen(calname)+1) );
data/ncview-2.1.8+ds/src/calcalcs.c:249:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
retval->name = (char *)malloc( sizeof(char) * (strlen(calname)+1) );
data/ncview-2.1.8+ds/src/calcalcs.c:270:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
retval->name = (char *)malloc( sizeof(char) * (strlen(calname)+1) );
data/ncview-2.1.8+ds/src/calcalcs.c:292:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
retval->name = (char *)malloc( sizeof(char) * (strlen("noleap")+1) );
data/ncview-2.1.8+ds/src/calcalcs.c:312:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
retval->name = (char *)malloc( sizeof(char) * (strlen(calname)+1) );
data/ncview-2.1.8+ds/src/calcalcs.c:757:80: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ccs_xition_dates[ccs_n_country_codes]->code = (char *)malloc( sizeof(char) * (strlen(code)+1) );
data/ncview-2.1.8+ds/src/calcalcs.c:765:84: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ccs_xition_dates[ccs_n_country_codes]->longname = (char *)malloc( sizeof(char) * (strlen(longname)+1) );
data/ncview-2.1.8+ds/src/calcalcs.c:859:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( (strlen(error_message) + strlen(ccs_xition_dates[i]->code) + strlen(ccs_xition_dates[i]->longname) + 10) < CCS_ERROR_MESSAGE_LEN ) {
data/ncview-2.1.8+ds/src/calcalcs.c:859:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( (strlen(error_message) + strlen(ccs_xition_dates[i]->code) + strlen(ccs_xition_dates[i]->longname) + 10) < CCS_ERROR_MESSAGE_LEN ) {
data/ncview-2.1.8+ds/src/calcalcs.c:859:68: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( (strlen(error_message) + strlen(ccs_xition_dates[i]->code) + strlen(ccs_xition_dates[i]->longname) + 10) < CCS_ERROR_MESSAGE_LEN ) {
data/ncview-2.1.8+ds/src/do_print.c:237:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat( tstr, ")" );
data/ncview-2.1.8+ds/src/do_print.c:256:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat( tstr, ")" );
data/ncview-2.1.8+ds/src/do_print.c:269:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat( tstr, ")" );
data/ncview-2.1.8+ds/src/do_print.c:320:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat( tstr, " " );
data/ncview-2.1.8+ds/src/do_print.c:342:6: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat( tstr, " " );
data/ncview-2.1.8+ds/src/file_netcdf.c:55:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( strlen(dest) >= (dest_len-1) ) {
data/ncview-2.1.8+ds/src/file_netcdf.c:60:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nfree = (dest_len-1) - strlen(dest); /* Must be >= 1 */
data/ncview-2.1.8+ds/src/file_netcdf.c:61:2: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat( dest, src, nfree );
data/ncview-2.1.8+ds/src/file_netcdf.c:185:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
grp_var_name = (char *)malloc( sizeof(char) * (strlen(var_name) + strlen(groupname) + 10) );
data/ncview-2.1.8+ds/src/file_netcdf.c:185:69: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
grp_var_name = (char *)malloc( sizeof(char) * (strlen(var_name) + strlen(groupname) + 10) );
data/ncview-2.1.8+ds/src/file_netcdf.c:187:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( (strlen(groupname) == 0) || ((strlen(groupname) == 1) && (groupname[0] == '/' )))
data/ncview-2.1.8+ds/src/file_netcdf.c:187:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( (strlen(groupname) == 0) || ((strlen(groupname) == 1) && (groupname[0] == '/' )))
data/ncview-2.1.8+ds/src/file_netcdf.c:192:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat( grp_var_name, "/" );
data/ncview-2.1.8+ds/src/file_netcdf.c:683:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for( i=0; i<strlen(varname); i++ ) {
data/ncview-2.1.8+ds/src/handle_rc_file.c:85:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( strlen(homedir) > 1900 ) {
data/ncview-2.1.8+ds/src/handle_rc_file.c:167:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( strlen(homedir) > 1900 ) {
data/ncview-2.1.8+ds/src/interface/cbar.c:548:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for( i=0; i<strlen(s); i++ )
data/ncview-2.1.8+ds/src/interface/cbar.c:576:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for( j=end_special; j<strlen(s); j++ )
data/ncview-2.1.8+ds/src/interface/cbar.c:583:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for( i=0; i<strlen(s); i++ )
data/ncview-2.1.8+ds/src/interface/cbar.c:818:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for( i=0; i<strlen(s); i++ )
data/ncview-2.1.8+ds/src/interface/colormap_funcs.c:97:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
newel->name = (char *)malloc( sizeof(char)*(strlen(el->name)+1));
data/ncview-2.1.8+ds/src/interface/colormap_funcs.c:269:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( strlen( sl->string ) > 900 ) {
data/ncview-2.1.8+ds/src/interface/colormap_funcs.c:299:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( strlen(cm->name) > 900 ) {
data/ncview-2.1.8+ds/src/interface/colormap_funcs.c:390:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cmaplist->name = (char *)malloc( (strlen(name)+1)*sizeof(char) );
data/ncview-2.1.8+ds/src/interface/colormap_funcs.c:397:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( strlen(name) > 1000 ) {
data/ncview-2.1.8+ds/src/interface/colormap_funcs.c:746:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( strlen( cursor->name ) > 1000 ) {
data/ncview-2.1.8+ds/src/interface/display_info.c:88:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
XtNlength, strlen(s),
data/ncview-2.1.8+ds/src/interface/filesel.c:309:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat( retval_buf, "/" );
data/ncview-2.1.8+ds/src/interface/filesel.c:351:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen = strlen(dir_entry->d_name) + 6; /* add space for NULL and trailing slash */
data/ncview-2.1.8+ds/src/interface/filesel.c:403:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*(s+i) = (char *)malloc( strlen( sl->string )+1 );
data/ncview-2.1.8+ds/src/interface/range.c:463:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tstr = XtMalloc( strlen(widget_str)+1 );
data/ncview-2.1.8+ds/src/interface/range.c:467:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*length_return = strlen(*value_return)+1;
data/ncview-2.1.8+ds/src/interface/range.c:487:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tstr = XtMalloc( strlen(widget_str)+1 );
data/ncview-2.1.8+ds/src/interface/range.c:491:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*length_return = strlen(*value_return)+1;
data/ncview-2.1.8+ds/src/interface/set_options.c:604:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( strlen(filename) >= OVERLAY_FILENAME_LEN ) {
data/ncview-2.1.8+ds/src/interface/set_options.c:606:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(filename), OVERLAY_FILENAME_LEN );
data/ncview-2.1.8+ds/src/interface/x_interface.c:1267:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for( i=0; i<strlen(var_menu_name); i++ )
data/ncview-2.1.8+ds/src/interface/x_interface.c:1342:62: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if( strncmp( var_cursor->name, group_cursor->string, strlen(group_cursor->string) ) == 0 ) {
data/ncview-2.1.8+ds/src/interface/x_interface.c:1349:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( var_cursor->name[ strlen(group_cursor->string) ] == '/' ) {
data/ncview-2.1.8+ds/src/interface/x_interface.c:2436:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
widget_name += strlen( "varsel_" );
data/ncview-2.1.8+ds/src/interface/x_interface.c:2821:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for( i=strlen(y_prefix); *(new_ydim_name+i) != '\0'; i++ )
data/ncview-2.1.8+ds/src/interface/x_interface.c:2822:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*(new_ydim_name+i-strlen(y_prefix)) = *(new_ydim_name+i);
data/ncview-2.1.8+ds/src/interface/x_interface.c:2823:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*(new_ydim_name+i-strlen(y_prefix)) = '\0';
data/ncview-2.1.8+ds/src/interface/x_interface.c:2824:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for( i=strlen(x_prefix); *(new_xdim_name+i) != '\0'; i++ )
data/ncview-2.1.8+ds/src/interface/x_interface.c:2825:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*(new_xdim_name+i-strlen(x_prefix)) = *(new_xdim_name+i);
data/ncview-2.1.8+ds/src/interface/x_interface.c:2826:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*(new_xdim_name+i-strlen(x_prefix)) = '\0';
data/ncview-2.1.8+ds/src/ncview.c:203:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
options.calendar = (char *)malloc( strlen(argv[i+1] + 2));
data/ncview-2.1.8+ds/src/ncview.c:320:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( strlen(argv[i]) > 900 ) {
data/ncview-2.1.8+ds/src/ncview.c:325:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( bufr, argv[i], n );
data/ncview-2.1.8+ds/src/ncview.c:459:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nc = strlen( s );
data/ncview-2.1.8+ds/src/ncview.c:577:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
colormap_name = (char *)malloc( strlen(file_name)-(n_suffix-1) );
data/ncview-2.1.8+ds/src/ncview.c:578:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( colormap_name, file_name, strlen(file_name)-n_suffix );
data/ncview-2.1.8+ds/src/ncview.c:578:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy( colormap_name, file_name, strlen(file_name)-n_suffix );
data/ncview-2.1.8+ds/src/ncview.c:579:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*(colormap_name + strlen(file_name)-n_suffix) = '\0';
data/ncview-2.1.8+ds/src/ncview.c:590:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen = strlen(file_name) + strlen(dir_name) + 5; /* add space for intermediate slash and trailing NULL */
data/ncview-2.1.8+ds/src/ncview.c:590:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen = strlen(file_name) + strlen(dir_name) + 5; /* add space for intermediate slash and trailing NULL */
data/ncview-2.1.8+ds/src/overlay.c:98:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( (custom_filename == NULL) || (strlen(custom_filename) == 0)) {
data/ncview-2.1.8+ds/src/overlay.c:160:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( strlen(NCVIEW_LIB_DIR) >= n ) {
data/ncview-2.1.8+ds/src/overlay.c:166:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy( overlay_base_dir, "." );
data/ncview-2.1.8+ds/src/overlay.c:171:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( strlen(dir) >= n ) {
data/ncview-2.1.8+ds/src/overlay.c:338:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for( i=0; i<strlen(id_string); i++ )
data/ncview-2.1.8+ds/src/stringlist.c:207:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen = strlen( (char *)aux );
data/ncview-2.1.8+ds/src/stringlist.c:479:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( strlen(new_string) > STRINGLIST_MAX_LEN ) {
data/ncview-2.1.8+ds/src/stringlist.c:495:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( (sltype == SLTYPE_STRING) && (strlen( (char *)aux ) > STRINGLIST_MAX_LEN) ) {
data/ncview-2.1.8+ds/src/stringlist.c:528:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( strlen(new_string) > STRINGLIST_MAX_LEN ) {
data/ncview-2.1.8+ds/src/stringlist.c:533:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
new_el->string = (char *)malloc( strlen( new_string )+1);
data/ncview-2.1.8+ds/src/stringlist.c:590:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
line[ strlen(line)-1 ] = '\0';
data/ncview-2.1.8+ds/src/stringlist.c:634:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( (strlen(line)>2) && (line[0] != '\0') && (line[0] != '#' )) {
data/ncview-2.1.8+ds/src/stringlist.c:637:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
line[ strlen(line)-1 ] = '\0';
data/ncview-2.1.8+ds/src/stringlist.c:689:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( t_index, line+index0, index1-index0+1 );
data/ncview-2.1.8+ds/src/stringlist.c:692:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( t_string, line+string0, string1-string0+1 );
data/ncview-2.1.8+ds/src/stringlist.c:694:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( strlen(t_string) > STRINGLIST_MAX_LEN ) {
data/ncview-2.1.8+ds/src/stringlist.c:696:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
STRINGLIST_MAX_LEN, strlen(t_string), lineno );
data/ncview-2.1.8+ds/src/stringlist.c:701:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( t_aux_type, line+aux_type0, aux_type1-aux_type0+1 );
data/ncview-2.1.8+ds/src/stringlist.c:704:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( t_aux_val, line+aux_val0, aux_val1-aux_val0+1 );
data/ncview-2.1.8+ds/src/stringlist.c:774:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( strlen(t_aux_val_ue) > STRINGLIST_MAX_LEN ) {
data/ncview-2.1.8+ds/src/stringlist.c:776:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
STRINGLIST_MAX_LEN, strlen(t_aux_val_ue), lineno );
data/ncview-2.1.8+ds/src/stringlist.c:810:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen = strlen( line );
data/ncview-2.1.8+ds/src/stringlist.c:977:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( strlen( cursor->string ) > STRINGLIST_MAX_LEN ) {
data/ncview-2.1.8+ds/src/stringlist.c:982:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( (cursor->sltype == SLTYPE_STRING) && (strlen( (char *)(cursor->aux) ) > STRINGLIST_MAX_LEN) ) {
data/ncview-2.1.8+ds/src/stringlist.c:1144:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( strlen(ss) == 0 ) {
data/ncview-2.1.8+ds/src/stringlist.c:1151:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
retval = (char *)malloc( sizeof(char)*strlen(ss) + 1 );
data/ncview-2.1.8+ds/src/stringlist.c:1153:126: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fprintf( stderr, "Error in stringlist routine stringlist_unescape_string: could not allocate new string of length %ld\n", (strlen(ss)+1) );
data/ncview-2.1.8+ds/src/stringlist.c:1158:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for( ii=0; ii<strlen(ss); ii++ ) {
data/ncview-2.1.8+ds/src/stringlist.c:1182:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( strlen(ss) == 0 ) {
data/ncview-2.1.8+ds/src/stringlist.c:1189:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
retval = (char *)malloc( sizeof(char) * 2 * (strlen(ss)+1) );
data/ncview-2.1.8+ds/src/stringlist.c:1191:128: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fprintf( stderr, "Error in stringlist routine stringlist_escape_string: could not allocate new string of length %ld\n", 2 * (strlen(ss)+1) );
data/ncview-2.1.8+ds/src/stringlist.c:1196:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for( ii=0; ii<strlen(ss); ii++ ) {
data/ncview-2.1.8+ds/src/udu.c:226:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( (strlen(dim->units) > 1023) || strcmp(dim->units,last_units) != 0 ) {
data/ncview-2.1.8+ds/src/udu.c:235:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( last_units, dim->units, 1023 );
data/ncview-2.1.8+ds/src/udu.c:285:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ul_new->name = (char *)malloc(strlen(units)+1);
data/ncview-2.1.8+ds/src/udu.c:301:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ul_new->name = (char *)malloc(strlen(units)+1);
data/ncview-2.1.8+ds/src/utCalendar2_cal.c:114:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( (dataunits_str == NULL) || (strlen(dataunits_str) == 0)) {
data/ncview-2.1.8+ds/src/utCalendar2_cal.c:221:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
prev_calendar = (char *)malloc( sizeof(char) * (strlen(cal2use->name)+1 ));
data/ncview-2.1.8+ds/src/utCalendar2_cal.c:224:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
prev_dataunits_str = (char *)malloc( sizeof(char) * (strlen(dataunits_str)+1 ));
data/ncview-2.1.8+ds/src/utCalendar2_cal.c:414:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
prev_calendar = (char *)malloc( sizeof(char) * (strlen(cal2use->name)+1 ));
data/ncview-2.1.8+ds/src/utCalendar2_cal.c:417:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
prev_user_unit_str = (char *)malloc( sizeof(char) * (strlen(user_unit_str)+1 ));
data/ncview-2.1.8+ds/src/utCalendar2_cal.c:647:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( (name == NULL) || (strlen(name) == 0))
data/ncview-2.1.8+ds/src/utCalendar2_cal.c:668:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
new_index = strlen(name); /* some arbitrary value */
data/ncview-2.1.8+ds/src/utCalendar2_cal.c:683:62: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
known_cal_name[new_index] = (char *)malloc( sizeof(char) * (strlen(name)+1 ));
data/ncview-2.1.8+ds/src/utCalendar2_cal.c:698:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( (s == NULL) || (strlen(s) < 6)) /* have to have at least room for since and a year */
data/ncview-2.1.8+ds/src/utCalendar2_cal.c:702:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sl = strlen(s);
data/ncview-2.1.8+ds/src/utCalendar2_cal.c:736:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( year_digits, s+ifnbss, nyd );
data/ncview-2.1.8+ds/src/utCalendar2_cal.c:767:80: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
unknown_cal_emitted_warning_for[ n_unkcal ] = (char *)malloc( sizeof(char) * (strlen(calendar_name)+1 ));
data/ncview-2.1.8+ds/src/util.c:427:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( strlen(filename) > (MAX_FILE_NAME_LEN-1)) {
data/ncview-2.1.8+ds/src/util.c:446:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
new_var->name = (char *)malloc( strlen(var_name)+1 );
data/ncview-2.1.8+ds/src/util.c:959:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( strlen(coord_att) > 1020 )
data/ncview-2.1.8+ds/src/util.c:960:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( orig_coord_att, coord_att, 1020 );
data/ncview-2.1.8+ds/src/util.c:1048:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmi->coord_var_name = (char *)malloc( sizeof(char) * (strlen(coord_var_name) + 1));
data/ncview-2.1.8+ds/src/util.c:1089:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
map_info->coord_att = (char *)malloc( sizeof(char)*(strlen(coord_att)+2));
data/ncview-2.1.8+ds/src/util.c:1102:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
map_info->coord_var_name = (char *)malloc( strlen(coord_var_name) + 2 );
data/ncview-2.1.8+ds/src/util.c:2061:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen(s)-1;
data/ncview-2.1.8+ds/src/util.c:2066:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( strlen(s) > MAX_DISPLAYED_STRING_LENGTH )
data/ncview-2.1.8+ds/src/util.c:2112:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strlen(d->units) >= 5) &&
data/ncview-2.1.8+ds/src/util.c:2215:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s1_lc = (char *)malloc(strlen(s1)+1);
data/ncview-2.1.8+ds/src/util.c:2216:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s2_lc = (char *)malloc(strlen(s2)+1);
data/ncview-2.1.8+ds/src/util.c:2218:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for( i=0; i<strlen(s1); i++ )
data/ncview-2.1.8+ds/src/util.c:2221:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for( i=0; i<strlen(s2); i++ )
data/ncview-2.1.8+ds/src/util.c:2245:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = strlen(s_in);
data/ncview-2.1.8+ds/src/util.c:2307:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for( i=0; i<strlen(s); i++ )
data/ncview-2.1.8+ds/src/util.c:2374:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for( i=0; i<strlen(varname); i++ ) {
data/ncview-2.1.8+ds/src/util.c:2390:4: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy( groupname, "/" );
data/ncview-2.1.8+ds/src/view.c:557:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat( view_place, ")" );
data/ncview-2.1.8+ds/src/view.c:575:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat( view_place, ")" );
data/ncview-2.1.8+ds/src/view.c:841:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for( i=0; i<strlen(message); i++ )
data/ncview-2.1.8+ds/src/view.c:1436:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( strlen( new_dim_name ) == 0 ) {
data/ncview-2.1.8+ds/src/view.c:2216:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( xdim_str, temp_string, 80 );
data/ncview-2.1.8+ds/src/view.c:2227:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( ydim_str, temp_string, 80 );
data/ncview-2.1.8+ds/src/view.c:2300:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
space_avail = (slen-2) - strlen(str);
data/ncview-2.1.8+ds/src/view.c:2302:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( strlen(tstr) < space_avail )
data/ncview-2.1.8+ds/src/view.c:2881:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( x_axis_title, (*(view->variable->dim + dim_to_plot))->name, 100 );
data/ncview-2.1.8+ds/src/view.c:2886:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat( x_axis_title, ")" );
data/ncview-2.1.8+ds/src/view.c:2911:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( y_axis_title, view->variable->name, 100 );
data/ncview-2.1.8+ds/src/view.c:2916:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat( y_axis_title, ")" );
data/ncview-2.1.8+ds/src/view.c:2922:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( title, long_name, 200 );
data/ncview-2.1.8+ds/src/view.c:2924:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( title, view->variable->name, 200 );
data/ncview-2.1.8+ds/src/view.c:2939:4: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat( legend, (*(view->variable->dim + i))->name, 100 );
data/ncview-2.1.8+ds/src/view.c:2952:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat( legend, temp2_string, 100 );
data/ncview-2.1.8+ds/src/view.c:2955:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat( legend, temp_string, 100 );
data/ncview-2.1.8+ds/src/view.c:2958:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat( legend, ")" );
data/ncview-2.1.8+ds/src/view.c:3192:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen(s) - 1;
ANALYSIS SUMMARY:
Hits = 481
Lines analyzed = 69719 in approximately 6.63 seconds (10508 lines/second)
Physical Source Lines of Code (SLOC) = 60879
Hits@level = [0] 2016 [1] 169 [2] 196 [3] 7 [4] 109 [5] 0
Hits@level+ = [0+] 2497 [1+] 481 [2+] 312 [3+] 116 [4+] 109 [5+] 0
Hits/KSLOC@level+ = [0+] 41.0158 [1+] 7.90092 [2+] 5.12492 [3+] 1.90542 [4+] 1.79044 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.