Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/njplot-2.4/njplot-vib.c
Examining data/njplot-2.4/unrooted-vib.c
Examining data/njplot-2.4/preptree.c
FINAL RESULTS:
data/njplot-2.4/njplot-vib.c:856:27: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
{ strcpy(dir,deb); ltot=strlen(dir); }
data/njplot-2.4/njplot-vib.c:868:25: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dir+ltot+1,fname); /* now dir is appended with filename */
data/njplot-2.4/njplot-vib.c:958:41: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if(strncmp(ligne, "Version:", 8) == 0) sprintf(ligne, "Version: %s\n", NJPLOTVERSION);
data/njplot-2.4/njplot-vib.c:959:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p, ligne); p += strlen(ligne);
data/njplot-2.4/njplot-vib.c:982:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(topic, ligne + 3);
data/njplot-2.4/njplot-vib.c:1177:1: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(font_full_name, "%s,%d", list_font_name[fd_nj_plot->font_family_rank],
data/njplot-2.4/njplot-vib.c:1183:47: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if((p = strchr(font_full_name, ',')) != NULL) strcpy(fd_nj_plot->font_bold_italic, p + 1);
data/njplot-2.4/njplot-vib.c:1238:1: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(plotfilename, fd_nj_plot->tree_name);
data/njplot-2.4/njplot-vib.c:1282:1: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rooted_fname, fd_nj_plot->tree_name);
data/njplot-2.4/njplot-vib.c:1285:1: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ajout, unrooted ? "_noroot." : "_root.");
data/njplot-2.4/njplot-vib.c:1289:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p, ajout);
data/njplot-2.4/njplot-vib.c:1296:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( strchr(extract_filename(rooted_fname), '.'), p);
data/njplot-2.4/njplot-vib.c:1312:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(mess, "Sorry, cannot write to file %s",
data/njplot-2.4/njplot-vib.c:1668:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(select, (char *)item);
data/njplot-2.4/njplot-vib.c:1674:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(aux, (fd_nj_plot->noms+num)->nom);
data/njplot-2.4/njplot-vib.c:1705:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(message, pname);
data/njplot-2.4/njplot-vib.c:1707:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(message, extract_filename(fname) );
data/njplot-2.4/njplot-vib.c:1719:1: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(titre_l, displayname );
data/njplot-2.4/njplot-vib.c:1830:1: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(current_ps_font, list_ps_font_name[font_num]);
data/njplot-2.4/njplot-vib.c:1859:1: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(plotfilename, fname);
data/njplot-2.4/njplot-vib.c:1949:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(message,
data/njplot-2.4/njplot-vib.c:2551:41: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if(strncmp(ligne, "Version:", 8) == 0) sprintf(ligne, "Version: %s\n", NJPLOTVERSION);
data/njplot-2.4/njplot-vib.c:2552:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p, ligne); p += strlen(ligne);
data/njplot-2.4/njplot-vib.c:2709:16: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if( !erreur ) sprintf(mess, "Tree plot is now in file %s in PDF format",
data/njplot-2.4/njplot-vib.c:2711:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
else sprintf(mess, "Error while writing to file %s",
data/njplot-2.4/njplot-vib.c:2741:1: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ligne, "njplot %s %s", text, ctime(&heure) );
data/njplot-2.4/njplot-vib.c:2858:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message, "Tree file %s not found.", fname);
data/njplot-2.4/njplot-vib.c:2942:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p, tty_prefix);
data/njplot-2.4/njplot-vib.c:2943:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(p, fd_nj_plot->labels[i]);
data/njplot-2.4/njplot-vib.c:3669:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fd_nj_plot->tabnames[i] + j, fd_nj_plot->labels[i]);
data/njplot-2.4/njplot-vib.c:3927:31: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if(fd_nj_plot->has_br_length) sprintf(p, "(%s:%.5f,%s:%.5f,%s%s:%.5f);", p1, l1, p2, l2, p3, bootstrap, l3);
data/njplot-2.4/njplot-vib.c:3928:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
else sprintf(p, "(%s,%s,%s%s);", p1, p2, p3, bootstrap);
data/njplot-2.4/njplot-vib.c:4092:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp, "Error opening %s for writing\n", plotfilename);
data/njplot-2.4/njplot-vib.c:4159:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(mess,
data/njplot-2.4/njplot-vib.c:4164:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(mess, "Error while writing to file %s",
data/njplot-2.4/njplot-vib.c:4203:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp, "Error opening %s for writing\n", plotfilename);
data/njplot-2.4/njplot-vib.c:4255:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(bigline, "%s %s Page %d of %d", extract_filename(fd_nj_plot->tree_name), ctime(&heure), page+1, page_count);
data/njplot-2.4/njplot-vib.c:4280:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(bigline, "Error while writing pdf file: [%d] %s: %s",
data/njplot-2.4/njplot-vib.c:4293:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(mess,
data/njplot-2.4/unrooted-vib.c:300:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fname,argv[1]);
data/njplot-2.4/unrooted-vib.c:555:1: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(font_full_name, "%s,%d", list_font_name[font_num],
data/njplot-2.4/unrooted-vib.c:564:1: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(current_ps_font, list_font_name[font_num]);
data/njplot-2.4/unrooted-vib.c:677:15: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if(tips != 0) sprintf(tmp, "%s (%d tips)", file, tips + 1);
data/njplot-2.4/unrooted-vib.c:875:1: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fname, tmpfname);
data/njplot-2.4/unrooted-vib.c:880:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fname, pasted_title);
data/njplot-2.4/unrooted-vib.c:910:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(plotfilename,fname);
data/njplot-2.4/unrooted-vib.c:989:25: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message, "Problem writing PDF file %s", plotfilename);
data/njplot-2.4/unrooted-vib.c:996:1: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message, "The tree is now in file %s "
data/njplot-2.4/unrooted-vib.c:1007:1: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fname, titre);
data/njplot-2.4/unrooted-vib.c:1027:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(mess, pname); strcat(mess, fname);
data/njplot-2.4/unrooted-vib.c:1027:30: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcpy(mess, pname); strcat(mess, fname);
data/njplot-2.4/unrooted-vib.c:1466:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(aux, branches[num].nom);
data/njplot-2.4/unrooted-vib.c:1509:1: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ligne, "unrooted %s %s", text, ctime(&heure) );
data/njplot-2.4/njplot-vib.c:92:9: [3] (tmpfile) tempnam:
Temporary file race condition (CWE-377).
#define tempnam _tempnam
data/njplot-2.4/njplot-vib.c:831:16: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
path = getenv("PATH"); /* get the list of path directories,
data/njplot-2.4/njplot-vib.c:1559:12: [3] (tmpfile) tempnam:
Temporary file race condition (CWE-377).
tmpfname = tempnam(NULL, "njplottemp_");
data/njplot-2.4/unrooted-vib.c:36:9: [3] (tmpfile) tempnam:
Temporary file race condition (CWE-377).
#define tempnam _tempnam
data/njplot-2.4/unrooted-vib.c:871:12: [3] (tmpfile) tempnam:
Temporary file race condition (CWE-377).
tmpfname = tempnam(NULL, "unrootedtemp_");
data/njplot-2.4/njplot-vib.c:242:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char font_bold_italic[3];
data/njplot-2.4/njplot-vib.c:400:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char current_ps_font[40];
data/njplot-2.4/njplot-vib.c:403:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char list_font_name[4][40] = {"", "Times New Roman", "Lucida Sans", "Courier New"};
data/njplot-2.4/njplot-vib.c:406:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char list_font_name[4][15] = {"", "Times", "Helvetica", "Courier"};
data/njplot-2.4/njplot-vib.c:409:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char list_ps_font_name[4][15] = {"", "Times", "Helvetica", "Courier"};
data/njplot-2.4/njplot-vib.c:411:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char plotfilename[200], rooted_fname[200];
data/njplot-2.4/njplot-vib.c:511:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(p, "/njplot.help");
data/njplot-2.4/njplot-vib.c:512:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
help_file = fopen(p, "r");
data/njplot-2.4/njplot-vib.c:515:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
help_file = fopen(HELPFILENAME, "r");
data/njplot-2.4/njplot-vib.c:520:1: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tag_njplot, "NJPL", sizeof(int));
data/njplot-2.4/njplot-vib.c:521:1: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tag_help, "HELP", sizeof(int));
data/njplot-2.4/njplot-vib.c:665:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ Nlm_IteM item; char nom[25];
data/njplot-2.4/njplot-vib.c:667:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(nom, "Page count (%d)", page_count);
data/njplot-2.4/njplot-vib.c:671:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ char nom[25];
data/njplot-2.4/njplot-vib.c:672:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(nom, "Page count (%d)", page_count);
data/njplot-2.4/njplot-vib.c:823:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char dir[Mxdir+1];
data/njplot-2.4/njplot-vib.c:841:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fich = fopen(fname,"r");
data/njplot-2.4/njplot-vib.c:869:32: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fich = fopen(dir,"r");
data/njplot-2.4/njplot-vib.c:877:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fich=fopen(fname,"r"); /* try also current directory */
data/njplot-2.4/njplot-vib.c:932:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ligne[100], *p;
data/njplot-2.4/njplot-vib.c:935:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char txt[5000];
data/njplot-2.4/njplot-vib.c:976:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ligne[100], topic[50];
data/njplot-2.4/njplot-vib.c:1170:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char font_full_name[40], *p;
data/njplot-2.4/njplot-vib.c:1200:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[200];
data/njplot-2.4/njplot-vib.c:1242:1: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(p,".pdf");
data/njplot-2.4/njplot-vib.c:1247:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(p,".pdf");
data/njplot-2.4/njplot-vib.c:1250:1: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(p,".ps");
data/njplot-2.4/njplot-vib.c:1274:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *p, *arbre, ajout[10], *name_part;
data/njplot-2.4/njplot-vib.c:1294:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(rooted_fname, "ph");
data/njplot-2.4/njplot-vib.c:1305:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
out = fopen(rooted_fname,"w");
data/njplot-2.4/njplot-vib.c:1311:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mess[250];
data/njplot-2.4/njplot-vib.c:1560:5: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
tmp=fopen(tmpfname,"w");
data/njplot-2.4/njplot-vib.c:1596:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char select[100];
data/njplot-2.4/njplot-vib.c:1600:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(select, "%d", page_count);
data/njplot-2.4/njplot-vib.c:1617:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(select,"Page count (%d)", page_count);
data/njplot-2.4/njplot-vib.c:1640:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char select[500];
data/njplot-2.4/njplot-vib.c:1641:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char aux[500];
data/njplot-2.4/njplot-vib.c:1690:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char titre_l[300];
data/njplot-2.4/njplot-vib.c:1720:26: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if(fd_nj_plot->notu > 0) sprintf(titre_l + strlen(titre_l), " (%d tips)", fd_nj_plot->notu + 1);
data/njplot-2.4/njplot-vib.c:1761:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char texte[1000];
data/njplot-2.4/njplot-vib.c:1778:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(r, p, q - p);
data/njplot-2.4/njplot-vib.c:1833:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(current_ps_font,"-BoldItalic");
data/njplot-2.4/njplot-vib.c:1835:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(current_ps_font,"-BoldOblique");
data/njplot-2.4/njplot-vib.c:1837:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(current_ps_font,"-Bold");
data/njplot-2.4/njplot-vib.c:1840:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(current_ps_font,"-Italic");
data/njplot-2.4/njplot-vib.c:1842:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(current_ps_font,"-Oblique");
data/njplot-2.4/njplot-vib.c:1845:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(current_ps_font,"-Roman");
data/njplot-2.4/njplot-vib.c:1865:1: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(p, ".txt");
data/njplot-2.4/njplot-vib.c:1868:1: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(p, ".pdf" );
data/njplot-2.4/njplot-vib.c:1871:1: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(p, ".ps");
data/njplot-2.4/njplot-vib.c:1948:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[1000];
data/njplot-2.4/njplot-vib.c:2186:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ech_name[20];
data/njplot-2.4/njplot-vib.c:2195:1: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ech_name, "%.1g", log_val);
data/njplot-2.4/njplot-vib.c:2221:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char aux[50];
data/njplot-2.4/njplot-vib.c:2228:1: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(aux, "%d%%", (int)(100. * fd_nj_plot->zoomvalue + 0.5) );
data/njplot-2.4/njplot-vib.c:2379:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char copy[255];
data/njplot-2.4/njplot-vib.c:2383:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(copy + 1, nom, l + 1);
data/njplot-2.4/njplot-vib.c:2386:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tty_page[tty_y]+tty_x+1, nom, strlen(nom));
data/njplot-2.4/njplot-vib.c:2538:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ligne[100], *p;
data/njplot-2.4/njplot-vib.c:2539:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char txt[5000];
data/njplot-2.4/njplot-vib.c:2629:1: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(p, "/example.phb");
data/njplot-2.4/njplot-vib.c:2630:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
in = fopen(p, "r");
data/njplot-2.4/njplot-vib.c:2661:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mess[250];
data/njplot-2.4/njplot-vib.c:2733:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char ligne[200];
data/njplot-2.4/njplot-vib.c:2743:14: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if(totp > 1) sprintf(ligne + h, " Page %d of %d", p, totp);
data/njplot-2.4/njplot-vib.c:2854:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char message[200];
data/njplot-2.4/njplot-vib.c:2857:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if( (njfile=fopen(fname,"r")) == NULL ){
data/njplot-2.4/njplot-vib.c:2886:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp,arbre,finarbre-arbre);
data/njplot-2.4/njplot-vib.c:3074:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fd_nj_plot->branches[fd_nj_plot->totbranches].br_label,finarbre+1,l);
data/njplot-2.4/njplot-vib.c:3120:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fd_nj_plot->labels[nextotu], deb, l);
data/njplot-2.4/njplot-vib.c:3166:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fd_nj_plot->branches[fd_nj_plot->totbranches].br_label,q+1,l);
data/njplot-2.4/njplot-vib.c:3185:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fd_nj_plot->branches[fd_nj_plot->totbranches].br_label,ferme+1,l);
data/njplot-2.4/njplot-vib.c:3285:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p + 1, "):0", 3);
data/njplot-2.4/njplot-vib.c:3658:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(fd_nj_plot->tabnames[i], "# ");
data/njplot-2.4/njplot-vib.c:3800:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(end_br_length,"%.3f",bg);
data/njplot-2.4/njplot-vib.c:3805:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(end_br_length,"%.3f",bd);
data/njplot-2.4/njplot-vib.c:3947:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fin+1,p,l);
data/njplot-2.4/njplot-vib.c:3970:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(arbre,fd_nj_plot->tabnames[num],l);
data/njplot-2.4/njplot-vib.c:3980:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(++arbre,":%.5f",centre->l1);
data/njplot-2.4/njplot-vib.c:3989:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(++arbre,":%.5f",centre->l2);
data/njplot-2.4/njplot-vib.c:3998:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(arbre+1,q,l);
data/njplot-2.4/njplot-vib.c:4089:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
plotfile=fopen(plotfilename,"w");
data/njplot-2.4/njplot-vib.c:4091:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[300];
data/njplot-2.4/njplot-vib.c:4157:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mess[250];
data/njplot-2.4/njplot-vib.c:4188:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bigline[500];
data/njplot-2.4/njplot-vib.c:4202:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[300];
data/njplot-2.4/njplot-vib.c:4292:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mess[250];
data/njplot-2.4/njplot-vib.c:4335:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
plotfile=fopen(plotfilename, "w");
data/njplot-2.4/preptree.c:138:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if( (njfile=fopen(fname,"r")) == NULL )return ("Tree file not found.");
data/njplot-2.4/preptree.c:161:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp,arbre,finarbre-arbre);
data/njplot-2.4/preptree.c:295:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p + 1, "):0", 3);
data/njplot-2.4/preptree.c:376:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(branches[totbranches].br_label,finarbre+1,l);
data/njplot-2.4/preptree.c:446:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(branches[totbranches].br_label,fpar+2,l);
data/njplot-2.4/preptree.c:458:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p->nom, deb, n); p->nom[n] = 0;
data/njplot-2.4/preptree.c:710:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(nouveau->nom + 1, debut->nom, l+1);
data/njplot-2.4/unrooted-vib.c:248:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char current_ps_font[40];
data/njplot-2.4/unrooted-vib.c:256:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char list_font_name[4][40] = {"", "Times New Roman", "Lucida Sans",
data/njplot-2.4/unrooted-vib.c:259:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char list_font_name[4][15] = {"", "Times", "Helvetica", "Courier"};
data/njplot-2.4/unrooted-vib.c:262:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[200];
data/njplot-2.4/unrooted-vib.c:341:1: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(current_ps_font, "Times-Roman");
data/njplot-2.4/unrooted-vib.c:547:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char font_full_name[40];
data/njplot-2.4/unrooted-vib.c:567:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(current_ps_font,"-Bold");
data/njplot-2.4/unrooted-vib.c:570:17: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(current_ps_font,"-Italic");
data/njplot-2.4/unrooted-vib.c:572:17: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(current_ps_font,"-Oblique");
data/njplot-2.4/unrooted-vib.c:575:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(current_ps_font,"-Roman");
data/njplot-2.4/unrooted-vib.c:671:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[200];
data/njplot-2.4/unrooted-vib.c:872:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
tmp = fopen(tmpfname,"w");
data/njplot-2.4/unrooted-vib.c:894:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *sp, *p1, message[100];
data/njplot-2.4/unrooted-vib.c:895:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char plotfilename[200];
data/njplot-2.4/unrooted-vib.c:914:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sp,".pdf");
data/njplot-2.4/unrooted-vib.c:916:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sp,".ps");
data/njplot-2.4/unrooted-vib.c:953:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
plotfile = fopen(plotfilename,"w");
data/njplot-2.4/unrooted-vib.c:1026:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mess[150];
data/njplot-2.4/unrooted-vib.c:1113:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char copy[255];
data/njplot-2.4/unrooted-vib.c:1118:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(copy + 1, chaine, l + 1);
data/njplot-2.4/unrooted-vib.c:1183:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char lettre[2] = "A";
data/njplot-2.4/unrooted-vib.c:1258:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char chaine[2] = " ";
data/njplot-2.4/unrooted-vib.c:1282:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ech_name[20];
data/njplot-2.4/unrooted-vib.c:1294:1: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ech_name, "%.1g", log_val);
data/njplot-2.4/unrooted-vib.c:1344:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char nom255[256];
data/njplot-2.4/unrooted-vib.c:1345:26: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
w = strlen(nom); memcpy(nom255+1, nom, w); nom255[0] = w;
data/njplot-2.4/unrooted-vib.c:1435:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char select[100];
data/njplot-2.4/unrooted-vib.c:1436:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char aux[100];
data/njplot-2.4/unrooted-vib.c:1501:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char ligne[200];
data/njplot-2.4/njplot-vib.c:844:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lf=strlen(fname);
data/njplot-2.4/njplot-vib.c:854:27: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
{ strncpy(dir,deb,fin-deb); ltot=fin-deb; }
data/njplot-2.4/njplot-vib.c:856:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
{ strcpy(dir,deb); ltot=strlen(dir); }
data/njplot-2.4/njplot-vib.c:959:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strcpy(p, ligne); p += strlen(ligne);
data/njplot-2.4/njplot-vib.c:983:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(topic) - 1;
data/njplot-2.4/njplot-vib.c:1179:28: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if(use_bold || use_italic) strcat(font_full_name, ",");
data/njplot-2.4/njplot-vib.c:1180:14: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if(use_bold) strcat(font_full_name, "b");
data/njplot-2.4/njplot-vib.c:1181:16: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if(use_italic) strcat(font_full_name, "i");
data/njplot-2.4/njplot-vib.c:1240:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(p == NULL) p = plotfilename + strlen(plotfilename);
data/njplot-2.4/njplot-vib.c:1288:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(p == NULL) p = name_part + strlen(name_part);
data/njplot-2.4/njplot-vib.c:1561:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fwrite(buff, 1, strlen(buff), tmp);
data/njplot-2.4/njplot-vib.c:1671:4: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(select) == 0) return;
data/njplot-2.4/njplot-vib.c:1703:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
taille = strlen(pname) + strlen(fname) + 3;
data/njplot-2.4/njplot-vib.c:1703:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
taille = strlen(pname) + strlen(fname) + 3;
data/njplot-2.4/njplot-vib.c:1706:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(message, " ");
data/njplot-2.4/njplot-vib.c:1720:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(fd_nj_plot->notu > 0) sprintf(titre_l + strlen(titre_l), " (%d tips)", fd_nj_plot->notu + 1);
data/njplot-2.4/njplot-vib.c:1774:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(q == NULL) q = p + strlen(p);
data/njplot-2.4/njplot-vib.c:1862:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(p == NULL) p = plotfilename + strlen(plotfilename);
data/njplot-2.4/njplot-vib.c:2329:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
width = TextWidth(text, 0, strlen(text));
data/njplot-2.4/njplot-vib.c:2335:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
width = strlen(text);
data/njplot-2.4/njplot-vib.c:2338:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
width = strlen(text) * font_size * postscript_ratio + 0.5;
data/njplot-2.4/njplot-vib.c:2346:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
width = Nlm_TextWidth(text, strlen(text) ) * postscript_ratio + 0.5;
data/njplot-2.4/njplot-vib.c:2360:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
width = Nlm_TextWidth(text, strlen(text) );
data/njplot-2.4/njplot-vib.c:2381:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(nom);
data/njplot-2.4/njplot-vib.c:2386:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(tty_page[tty_y]+tty_x+1, nom, strlen(nom));
data/njplot-2.4/njplot-vib.c:2552:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strcpy(p, ligne); p += strlen(ligne);
data/njplot-2.4/njplot-vib.c:2742:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
h = strlen(ligne) - 1; ligne[h] = 0;
data/njplot-2.4/njplot-vib.c:2862:6: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
do c=fgetc(njfile);
data/njplot-2.4/njplot-vib.c:2866:7: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
do c=fgetc(njfile); while (c != ']');
data/njplot-2.4/njplot-vib.c:2867:7: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
do c=fgetc(njfile); while ( isspace(c) );
data/njplot-2.4/njplot-vib.c:2881:11: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while( (c=fgetc(njfile)) != EOF && c != ';') {
data/njplot-2.4/njplot-vib.c:2910:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
arbre = (char *)realloc(arbre, strlen(arbre) + 4 * v + 5 ); /* worst case add 4 chars for each , */
data/njplot-2.4/njplot-vib.c:2912:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fd_nj_plot->long_arbre_parenth = strlen(arbre);
data/njplot-2.4/njplot-vib.c:2938:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lp = strlen(tty_prefix);
data/njplot-2.4/njplot-vib.c:2940:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(fd_nj_plot->labels[i]) + lp;
data/njplot-2.4/njplot-vib.c:2951:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
c = strlen(fd_nj_plot->labels[i]);
data/njplot-2.4/njplot-vib.c:3281:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(p);
data/njplot-2.4/njplot-vib.c:3662:56: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
for(i=fd_nj_plot->notu+1; i<=2*fd_nj_plot->notu; i++) sprintf(fd_nj_plot->tabnames[i],"#");
data/njplot-2.4/njplot-vib.c:3664:58: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
for(i=fd_nj_plot->notu+1; i<=2*fd_nj_plot->notu-1; i++) sprintf(fd_nj_plot->tabnames[i],"#");
data/njplot-2.4/njplot-vib.c:3668:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = strlen(fd_nj_plot->tabnames[i]);
data/njplot-2.4/njplot-vib.c:3802:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
end_br_length += (strlen(end_br_length)+1);
data/njplot-2.4/njplot-vib.c:3807:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
end_br_length += (strlen(end_br_length)+1);
data/njplot-2.4/njplot-vib.c:3830:4: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(nom) != 0) {
data/njplot-2.4/njplot-vib.c:3922:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p1 = ecrit_arbre_parenth(t1); *(p1 + strlen(p1) - 1) = 0;
data/njplot-2.4/njplot-vib.c:3923:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p2 = ecrit_arbre_parenth(t2); *(p2 + strlen(p2) - 1) = 0;
data/njplot-2.4/njplot-vib.c:3924:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p3 = ecrit_arbre_parenth(t3); *(p3 + strlen(p3) - 1) = 0;
data/njplot-2.4/njplot-vib.c:3925:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(p1) + strlen(p2)+ strlen(p3) + 150;
data/njplot-2.4/njplot-vib.c:3925:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(p1) + strlen(p2)+ strlen(p3) + 150;
data/njplot-2.4/njplot-vib.c:3925:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(p1) + strlen(p2)+ strlen(p3) + 150;
data/njplot-2.4/njplot-vib.c:3944:4: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l=strlen(p);
data/njplot-2.4/njplot-vib.c:3955:1: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(fin+1,";");
data/njplot-2.4/njplot-vib.c:3968:4: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l=strlen(fd_nj_plot->tabnames[num]);
data/njplot-2.4/njplot-vib.c:3996:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l=strlen(q);
data/njplot-2.4/njplot-vib.c:4331:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = tty_page[h] + strlen(tty_page[h]) - 1;
data/njplot-2.4/preptree.c:140:6: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
do c=fgetc(njfile);
data/njplot-2.4/preptree.c:144:7: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
do c=fgetc(njfile); while (c != ']');
data/njplot-2.4/preptree.c:145:7: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
do c=fgetc(njfile); while (c == '\n' || c == '\r' || c == ' ' );
data/njplot-2.4/preptree.c:156:12: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while( (c=fgetc(njfile)) != EOF && c != ';') {
data/njplot-2.4/preptree.c:176:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
arbre = (char *)realloc(arbre, strlen(arbre) + 4 * v + 5 ); /* worst case add 4 chars for each , */
data/njplot-2.4/preptree.c:291:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(p);
data/njplot-2.4/preptree.c:707:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(debut->nom);
data/njplot-2.4/unrooted-vib.c:557:28: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if(use_bold || use_italic) strcat(font_full_name, ",");
data/njplot-2.4/unrooted-vib.c:558:14: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if(use_bold) strcat(font_full_name, "b");
data/njplot-2.4/unrooted-vib.c:559:16: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if(use_italic) strcat(font_full_name, "i");
data/njplot-2.4/unrooted-vib.c:873:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fwrite(buff, 1, strlen(buff), tmp);
data/njplot-2.4/unrooted-vib.c:912:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(sp == NULL) sp = plotfilename + strlen(plotfilename);
data/njplot-2.4/unrooted-vib.c:1116:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(chaine);
data/njplot-2.4/unrooted-vib.c:1205:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
y_delta *= ( (int) strlen(nom) );
data/njplot-2.4/unrooted-vib.c:1345:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
w = strlen(nom); memcpy(nom255+1, nom, w); nom255[0] = w;
data/njplot-2.4/unrooted-vib.c:1349:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
w = w * 0.61 * (int)strlen(nom);
data/njplot-2.4/unrooted-vib.c:1360:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
w = Nlm_TextWidth(nom, strlen(nom)) ;
data/njplot-2.4/unrooted-vib.c:1462:4: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(select) == 0) return;
data/njplot-2.4/unrooted-vib.c:1510:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
h = strlen(ligne); ligne[h - 1] = 0;
ANALYSIS SUMMARY:
Hits = 255
Lines analyzed = 7154 in approximately 0.19 seconds (38476 lines/second)
Physical Source Lines of Code (SLOC) = 6164
Hits@level = [0] 47 [1] 73 [2] 124 [3] 5 [4] 53 [5] 0
Hits@level+ = [0+] 302 [1+] 255 [2+] 182 [3+] 58 [4+] 53 [5+] 0
Hits/KSLOC@level+ = [0+] 48.9942 [1+] 41.3692 [2+] 29.5263 [3+] 9.40947 [4+] 8.59831 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.