Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/sf_dawson.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_complex.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/function.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/fresnel.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/multiset.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_source.h
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/sf_airy.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/sf_exp.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/cqp.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/sf_coupling.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/include/rb_gsl_complex.h
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/include/rb_gsl_tensor.h
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/include/rb_gsl_with_narray.h
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/include/rb_gsl_cheb.h
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/include/rb_gsl_interp.h
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/include/rb_gsl_with_nmatrix.h
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/include/rb_gsl_math.h
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/include/rb_gsl_poly.h
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/include/rb_gsl_histogram3d.h
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/include/rb_gsl_common.h
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/include/rb_gsl_rng.h
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/include/rb_gsl_statistics.h
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/include/rb_gsl_root.h
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/include/rb_gsl_rational.h
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/include/rb_gsl_fft.h
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/include/rb_gsl_eigen.h
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/include/rb_gsl_histogram.h
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/include/rb_gsl_graph.h
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/include/rb_gsl_fit.h
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/include/rb_gsl_sf.h
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/include/rb_gsl_linalg.h
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/include/rb_gsl_interp2d.h
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/include/rb_gsl_array.h
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/include/rb_gsl_function.h
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/include/templates_off.h
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/include/rb_gsl_dirac.h
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/include/rb_gsl_odeiv.h
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/include/templates_on.h
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/include/rb_gsl.h
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/include/rb_gsl_integration.h
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/include/rb_gsl_const.h
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/randist.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/sf.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/sf_fermi_dirac.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/math.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/monte.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/array.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/sf_mathieu.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/sf_clausen.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/fit.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/cheb.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/complex.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/sf_synchrotron.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/tensor.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/poly2.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/root.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/histogram_find.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/sf_gegenbauer.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/qrng.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/signal.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/gsl_nmatrix.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/sf_expint.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/sf_laguerre.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/ieee.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/common.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/const.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/sum.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/blas3.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/deriv.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/tensor_source.h
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/gsl.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/jacobi.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/sf_coulomb.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/sf_debye.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/rng.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/multimin_fsdf.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/rational.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/blas.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/sf_gamma.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/cdf.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/poly_source.h
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/min.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/sf_elljac.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/permutation.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/sf_dilog.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/nmf_wrap.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_complex.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/stats.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/tamu_anova.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/dirac.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/histogram2d.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_double.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/sf_trigonometric.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/histogram3d.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/bspline.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/multiroots.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/sf_psi.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/sf_ellint.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/fft.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/diff.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/multimin.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/linalg.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/ool.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/linalg_complex.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_int.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/sf_transport.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/spline.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/gsl_narray.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/const_additional.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/integration.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/poly.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/blas1.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_double.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/ntuple.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/dht.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/sort.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/histogram3d_source.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/error.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/sf_bessel.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/sf_lambert.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/odeiv.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/blas2.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/block.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/sf_log.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/wavelet.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/sf_legendre.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/ndlinear.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/interp.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/bundle.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/eigen.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/histogram_oper.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/array_complex.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/sf_hyperg.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/sf_elementary.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/histogram.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/multifit.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/combination.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/sf_erfc.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/alf.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/sf_power.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/siman.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/block_source.h
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/sf_zeta.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/geometry.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_int.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/nmf.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/interp2d.c
Examining data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/spline2d.c

FINAL RESULTS:

data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/block_source.h:80:36:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
static VALUE FUNCTION(rb_gsl_block,fprintf)(int argc, VALUE *argv, VALUE obj)

data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/block_source.h:92:33:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
status = FUNCTION(gsl_block,fprintf)(fp, h, STR2CSTR(argv[1]));

data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/block_source.h:94:33:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
status = FUNCTION(gsl_block,fprintf)(fp, h, FORMAT_DEFAULT);

data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/block_source.h:100:36:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
static VALUE FUNCTION(rb_gsl_block,printf)(int argc, VALUE *argv, VALUE obj)

data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/block_source.h:107:33:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
status = FUNCTION(gsl_block,fprintf)(stdout, h, STR2CSTR(argv[0]));

data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/block_source.h:109:33:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
status = FUNCTION(gsl_block,fprintf)(stdout, h, FORMAT_DEFAULT);

data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/block_source.h:116:36:  [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
static VALUE FUNCTION(rb_gsl_block,fscanf)(VALUE obj, VALUE io)

data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/block_source.h:123:31:  [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
status = FUNCTION(gsl_block,fscanf)(fp, h);

data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/block_source.h:149:5:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
sprintf(buf, PRINTF_FORMAT, (TYPE2) v->data[i]);

data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/block_source.h:168:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(buf, "%s\n", rb_class2name(CLASS_OF(obj)));

data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/block_source.h:842:75:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
rb_define_method(GSL_TYPE(cgsl_block), "fprintf", FUNCTION(rb_gsl_block,fprintf), -1);

data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/block_source.h:843:74:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
rb_define_method(GSL_TYPE(cgsl_block), "printf", FUNCTION(rb_gsl_block,printf), -1);

data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/block_source.h:844:74:  [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
rb_define_method(GSL_TYPE(cgsl_block), "fscanf", FUNCTION(rb_gsl_block,fscanf), 1);

data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/complex.c:172:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
strcpy(tmp, STR2CSTR(s));

data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/complex.c:173:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(format, "%s %s\n", tmp, tmp);

data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/complex.c:174:3:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
fprintf(stdout, format, GSL_REAL(*c), GSL_IMAG(*c));

data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/complex.c:876:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(buf, "%s\n", rb_class2name(CLASS_OF(obj)));

data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/function.c:257:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
strcpy(opt, STR2CSTR(argv[1]));

data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/function.c:286:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(command, "graph -T X -g 3 %s", opt);

data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/function.c:287:8:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
fp = popen(command, "w");

data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:18:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(command, "graph -T X -g 3 %s", STR2CSTR(hash));

data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:26:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(command, "%s -T %s", command, STR2CSTR(val));

data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:28:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(command, "%s -T X", command);

data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:31:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(command, "%s -C", command);

data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:33:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(command, "%s -g %d", command, (int) FIX2INT(val));

data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:35:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(command, "%s -g 3", command);

data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:37:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(command, "%s -B", command);

data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:39:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(command, "%s -E %s", command, STR2CSTR(val));

data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:41:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(command, "%s -f %f", command, NUM2DBL(val));

data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:43:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(command, "%s -F %s", command, STR2CSTR(val));

data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:45:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(command, "%s -h %f", command, NUM2DBL(val));

data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:47:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(command, "%s -k %f", command, NUM2DBL(val));

data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:49:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(command, "%s -K %d", command, (int) FIX2INT(val));

data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:52:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(command, "%s -l x -l y", command);

data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:54:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(command, "%s -l %s", command, STR2CSTR(val));

data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:57:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(command, "%s -L \"%s\"", command, STR2CSTR(val));

data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:59:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(command, "%s -N %s", command, STR2CSTR(val));

data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:61:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(command, "%s -r %f", command, NUM2DBL(val));

data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:63:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(command, "%s -R %s", command, STR2CSTR(val));

data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:65:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(command, "%s -s", command);

data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:67:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(command, "%s -t", command);

data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:69:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(command, "%s -u %f", command, NUM2DBL(val));

data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:71:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(command, "%s -w %f", command, NUM2DBL(val));

data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:73:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(command, "%s -x %s", command, STR2CSTR(val));

data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:75:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(command, "%s -X \"%s\"", command, STR2CSTR(val));

data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:77:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(command, "%s -y %s", command, STR2CSTR(val));

data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:79:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(command, "%s -Y \"%s\"", command, STR2CSTR(val));

data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:81:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(command, "%s --bg-color %s", command, STR2CSTR(val));

data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:83:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(command, "%s --bitmap-size %s", command, STR2CSTR(val));

data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:85:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(command, "%s --frame-color %s", command, STR2CSTR(val));

data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:87:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(command, "%s --frame-line-width %f", command, NUM2DBL(val));

data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:89:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(command, "%s --max-line-length %f", command, NUM2DBL(val));

data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:91:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(command, "%s --page-size %s", command, STR2CSTR(val));

data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:93:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(command, "%s --pen-colors %s", command, STR2CSTR(val));

data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:95:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(command, "%s --rotation %f", command, NUM2DBL(val));

data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:97:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(command, "%s --title-font-name %s", command, STR2CSTR(val));

data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:99:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(command, "%s --title-font-size %f", command, NUM2DBL(val));

data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:101:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(command, "%s --toggle-rotate-y-label", command);

data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:103:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(command, "%s -m %d", command, (int) FIX2INT(val));

data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:105:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(command, "%s -S %d", command, (int) FIX2INT(val));

data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:107:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(command, "%s -W %f", command, NUM2DBL(val));

data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:109:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(command, "%s -q %f", command, NUM2DBL(val));

data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:111:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(command, "%s --symbol-font-name %s", command, STR2CSTR(val));

data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:113:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(command, "%s --reposition %s", command, STR2CSTR(val));

data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:115:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(command, "%s --blankout %s", command, STR2CSTR(val));

data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:117:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(command, "%s -O", command);

data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:971:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(command, "%s -T X", command);

data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:973:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(command, "%s -T %s", command, STR2CSTR(g->T));

data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:975:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
strcpy(str, STR2CSTR(g->E));

data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:977:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(command, "%s -E x", command);

data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:979:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(command, "%s -E y", command);

data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:981:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(command, "%s -E x -E y", command);

data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:986:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(command, "%s -f %f", command, NUM2DBL(g->f));

data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:988:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(command, "%s -F %s", command, STR2CSTR(g->F));

data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:990:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(command, "%s -g %d", command, (int) FIX2INT(g->g));

data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:992:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(command, "%s -h %f", command, NUM2DBL(g->h));

data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:994:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(command, "%s -k %f", command, NUM2DBL(g->k));

data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:996:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(command, "%s -K %d", command, (int) FIX2INT(g->K));

data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:998:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
strcpy(str, STR2CSTR(g->l));

data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:1000:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(command, "%s -l x", command);

data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:1002:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(command, "%s -l y", command);

data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:1004:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(command, "%s -l x -l y", command);

data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:1009:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(command, "%s -L \"%s\"", command, STR2CSTR(g->L));

data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:1011:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
strcpy(str, STR2CSTR(g->N));

data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:1013:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(command, "%s -N x", command);

data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:1015:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(command, "%s -N y", command);

data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:1017:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(command, "%s -N x -N y", command);

data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:1022:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(command, "%s -r %f", command, NUM2DBL(g->r));

data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:1024:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
strcpy(str, STR2CSTR(g->R));

data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:1026:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(command, "%s -R x", command);

data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:1028:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(command, "%s -R y", command);

data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:1030:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(command, "%s -R x -R y", command);

data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:1035:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(command, "%s -u %f", command, NUM2DBL(g->u));

data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:1037:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(command, "%s -w %f", command, NUM2DBL(g->w));

data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:1040:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(command, "%s -x %s", command, STR2CSTR(g->x));

data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:1043:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(command, "%s -x", command);

data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:1049:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(command, "%s %f", command, NUM2DBL(val));

data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:1059:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(command, "%s -y %s", command, STR2CSTR(g->y));

data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:1062:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(command, "%s -y", command);

data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:1068:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(command, "%s %f", command, NUM2DBL(val));

data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:1077:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(command, "%s -X \"%s\"", command, STR2CSTR(g->X));

data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:1079:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(command, "%s -Y \"%s\"", command, STR2CSTR(g->Y));

data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:1081:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(command, "%s --bg-color %s", command, STR2CSTR(g->bg));

data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:1083:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(command, "%s --bitmap-size %s", command, STR2CSTR(g->bitmap_size));

data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:1085:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(command, "%s --frame-color %s", command, STR2CSTR(g->frame));

data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:1087:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(command, "%s --frame-line-width %f", command, NUM2DBL(g->frame_line_width));

data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:1089:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(command, "%s --max_line_length %d", command,

data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:1092:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(command, "%s --page-size %s", command, STR2CSTR(g->page_size));

data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:1094:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(command, "%s --pen-colors %s", command, STR2CSTR(g->pen_colors));

data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:1096:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(command, "%s --rotation %d", command, (int) FIX2INT(g->rotation));

data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:1098:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(command, "%s --title-font-name %s", command, STR2CSTR(g->title_font_name)); if (g->title_font_size != Qnil)

data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:1099:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(command, "%s --title-font-size %f", command, NUM2DBL(g->title_font_size));

data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:1101:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(command, "%s --toggle-rotate-y-label", command);

data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:1103:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(command, "%s -I %s", command, STR2CSTR(g->I)); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:1105:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(command, "%s -s", command); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:1107:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(command, "%s -t", command); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:1109:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(command, "%s -B", command); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:1111:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(command, "%s -m %d", command, (int) FIX2INT(g->m)); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:1114:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(command, "%s -S %s", command, STR2CSTR(g->S)); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:1119:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(command, "%s -S %d %f", command, (int) FIX2INT(rb_ary_entry(g->S, 0)), data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:1128:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(command, "%s -W %f", command, NUM2DBL(g->W)); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:1130:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(command, "%s -q %f", command, NUM2DBL(g->q)); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:1132:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf(command, "%s -C", command); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:1134:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(command, "%s --symbol_font_name %s", command, STR2CSTR(g->symbol_font_name)); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:1137:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(command, "%s --reposition %s", command, STR2CSTR(g->reposition)); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:1140:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(command, "%s --reposition", command); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:1146:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(command, "%s %f", command, NUM2DBL(val)); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:1155:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(command, "%s --blankout %f", command, NUM2DBL(g->blankout)); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:1157:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(command, "%s -O", command); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:1176:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(command, "%s %s", command, STR2CSTR(argv[2])); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:1180:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(command, "%s %s", command, STR2CSTR(argv[1])); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:1190:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). 
Use sprintf_s, snprintf, or vsnprintf. sprintf(command, "%s %s", command, STR2CSTR(argv[0])); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:1210:8: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. fp = popen(command, "w"); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:1244:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(command, "%s %s", command, STR2CSTR(argv[2])); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:1248:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(command, "%s %s", command, STR2CSTR(argv[1])); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:1258:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(command, "%s %s", command, STR2CSTR(argv[0])); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:1276:8: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. fp = popen(command, "w"); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/gsl.c:26:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "%s", rb_class2name(CLASS_OF(obj))); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/gsl.c:49:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "Class: %s\n", rb_class2name(CLASS_OF(obj))); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/gsl.c:50:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf(buf, "%sSuperClass: %s\n", buf, rb_class2name(RCLASS_SUPER(CLASS_OF(obj)))); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/gsl.c:52:10: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. if (s) sprintf(buf, "%sType: %s\n", buf, STR2CSTR(s)); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/gsl.c:54:10: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. if (s) sprintf(buf, "%sSize: %d\n", buf, (int) FIX2INT(s)); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/histogram.c:115:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(filename, StringValuePtr(name)); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/histogram.c:116:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "wc %s", filename); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/histogram.c:117:8: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. fp = popen(buf, "r"); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/histogram.c:945:8: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. fp = popen(command, "w"); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/histogram.c:969:10: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. fp = popen("gnuplot -persist", "w"); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/histogram.c:974:10: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). 
try using a library call that implements the same functionality if available. fp = popen("gnuplot -persist", "w"); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/histogram.c:1554:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(fittype, STR2CSTR(argv[0])); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/interp.c:418:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(name, STR2CSTR(t)); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/interp.c:446:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "Class: %s\n", rb_class2name(CLASS_OF(obj))); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/interp.c:447:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "%sSuperClass: %s\n", buf, rb_class2name(RCLASS_SUPER(CLASS_OF(obj)))); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/interp.c:448:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "%sType: %s\n", buf, gsl_interp_name(p->p)); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/interp.c:449:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "%sxmin: %f\n", buf, p->p->xmin); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/interp.c:450:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "%sxmax: %f\n", buf, p->p->xmax); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/interp.c:451:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf(buf, "%sSize: %d\n", buf, (int) p->p->size); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/interp2d.c:217:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(name, STR2CSTR(t)); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_complex.c:627:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_complex.c:653:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "#<%s[%lu,%lu]:%#lx>\n", rb_class2name(CLASS_OF(obj)), m->size1, m->size2, NUM2ULONG(rb_obj_id(obj))); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_source.h:851:7: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(PRINTF_FORMAT, FUNCTION(gsl_matrix,get)(m, i, j)); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_source.h:886:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(format2, format); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_source.h:888:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(format, PRINTF_FORMAT); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_source.h:889:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy(format2, " " PRINTF_FORMAT); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_source.h:900:9: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(buf, format, x); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_source.h:902:9: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(buf, format2, x); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_source.h:931:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "%s\n", rb_class2name(CLASS_OF(obj))); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_source.h:941:37: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. static VALUE FUNCTION(rb_gsl_matrix,fprintf)(int argc, VALUE *argv, VALUE obj) data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_source.h:953:34: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. status = FUNCTION(gsl_matrix,fprintf)(fp, h, STR2CSTR(argv[1])); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_source.h:955:34: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. status = FUNCTION(gsl_matrix,fprintf)(fp, h, PRINTF_FORMAT2); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_source.h:961:37: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. static VALUE FUNCTION(rb_gsl_matrix,printf)(int argc, VALUE *argv, VALUE obj) data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_source.h:968:34: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). 
Use a constant for the format specification. status = FUNCTION(gsl_matrix,fprintf)(stdout, h, STR2CSTR(argv[0])); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_source.h:970:34: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. status = FUNCTION(gsl_matrix,fprintf)(stdout, h, PRINTF_FORMAT2); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_source.h:976:37: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. static VALUE FUNCTION(rb_gsl_matrix,fscanf)(VALUE obj, VALUE io) data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_source.h:983:32: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. status = FUNCTION(gsl_matrix,fscanf)(fp, h); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_source.h:2066:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "Class: %s\n", rb_class2name(CLASS_OF(obj))); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_source.h:2067:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "%sSuperClass: %s\n", buf, rb_class2name(RCLASS_SUPER(CLASS_OF(obj)))); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_source.h:2068:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "%sDimension: %dx%d\n", buf, (int) m->size1, (int) m->size2); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_source.h:2069:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf(buf, "%sSize: %d\n", buf, (int) (m->size1*m->size2)); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_source.h:2524:43: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. FUNCTION(rb_gsl_matrix,fprintf), -1); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_source.h:2526:43: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. FUNCTION(rb_gsl_matrix,printf), -1); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_source.h:2528:43: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. FUNCTION(rb_gsl_matrix,fscanf), 1); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/min.c:30:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(name, STR2CSTR(t)); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/monte.c:444:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(name, STR2CSTR(vt)); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/multifit.c:213:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(name, STR2CSTR(argv[0])); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/multifit.c:1716:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy(fittype, STR2CSTR(argv[2])); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/multifit.c:1722:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(fittype, STR2CSTR(argv[3])); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/multimin.c:449:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(name, STR2CSTR(t)); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/multimin.c:594:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(name, STR2CSTR(t)); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/multimin_fsdf.c:19:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(name, STR2CSTR(t)); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/multiroots.c:433:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(name,STR2CSTR(t)); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/multiroots.c:462:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(name,STR2CSTR(t)); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/odeiv.c:348:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy(name, STR2CSTR(tt)); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/odeiv.c:445:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "Class: %s\n", rb_class2name(CLASS_OF(obj))); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/odeiv.c:446:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "%sSuperClass: %s\n", buf, rb_class2name(RCLASS_SUPER(CLASS_OF(obj)))); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/odeiv.c:447:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "%sType: %s\n", buf, gsl_odeiv_step_name(s)); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/odeiv.c:448:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "%sDimension: %d\n", buf, (int) s->dimension); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/ool.c:34:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(name, STR2CSTR(t)); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/permutation.c:338:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "%s\n", rb_class2name(CLASS_OF(obj))); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/poly_source.h:1531:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "Class: %s\n", rb_class2name(CLASS_OF(obj))); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/poly_source.h:1532:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf(buf, "%sSuperClass: %s\n", buf, rb_class2name(RCLASS_SUPER(CLASS_OF(obj)))); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/poly_source.h:1533:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "%sOrder: %d\n", buf, (int) v->size-1); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/qrng.c:38:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(name, STR2CSTR(t)); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/root.c:37:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(name, STR2CSTR(t)); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/root.c:202:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(name, STR2CSTR(t)); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/sf.c:38:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "%s\n", rb_class2name(CLASS_OF(obj))); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/spline.c:347:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "Class: %s\n", rb_class2name(CLASS_OF(obj))); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/spline.c:348:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "%sSuperClass: %s\n", buf, rb_class2name(RCLASS_SUPER(CLASS_OF(obj)))); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/spline.c:349:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf(buf, "%sType: %s\n", buf, gsl_interp_name(p->s->interp)); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/spline.c:350:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "%sxmin: %f\n", buf, p->s->interp->xmin); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/spline.c:351:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "%sxmax: %f\n", buf, p->s->interp->xmax); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/spline.c:352:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "%sSize: %d\n", buf, (int) p->s->size); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/tensor_source.h:290:33: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. static VALUE FUNCTION(rb_tensor,fprintf)(int argc, VALUE *argv, VALUE obj) data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/tensor_source.h:302:32: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. status = FUNCTION(tensor,fprintf)(fp, h->tensor, STR2CSTR(argv[1])); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/tensor_source.h:307:30: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. status = FUNCTION(tensor,fprintf)(fp, h->tensor, OUT_FORMAT); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/tensor_source.h:314:33: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. 
static VALUE FUNCTION(rb_tensor,printf)(int argc, VALUE *argv, VALUE obj) data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/tensor_source.h:323:32: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. status = FUNCTION(tensor,fprintf)(stdout, h->tensor, STR2CSTR(argv[0])); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/tensor_source.h:325:30: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. status = FUNCTION(tensor,fprintf)(stdout, h->tensor, OUT_FORMAT); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/tensor_source.h:330:33: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. static VALUE FUNCTION(rb_tensor,fscanf)(VALUE obj, VALUE io) data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/tensor_source.h:337:28: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. status = FUNCTION(tensor,fscanf)(fp, h->tensor); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/tensor_source.h:789:9: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(buf, PRINTF_FORMAT, FUNCTION(gsl_matrix,get)(m, i, j)); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/tensor_source.h:819:5: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(buf, PRINTF_FORMAT, FUNCTION(gsl_vector,get)(v, 0)); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/tensor_source.h:822:7: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. 
sprintf(buf, PRINTF_FORMAT, FUNCTION(gsl_vector,get)(v, i)); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/tensor_source.h:843:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "%s\n", rb_class2name(CLASS_OF(obj))); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/tensor_source.h:941:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "Class: %s\n", rb_class2name(CLASS_OF(obj))); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/tensor_source.h:942:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "%sSuperClass: %s\n", buf, rb_class2name(RCLASS_SUPER(CLASS_OF(obj)))); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/tensor_source.h:943:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "%sRank: %d\n", buf, (int) t->tensor->rank); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/tensor_source.h:944:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "%sDimension: %d\n", buf, (int) t->tensor->dimension); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/tensor_source.h:945:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "%sSize: %d\n", buf, (int) t->tensor->size); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/tensor_source.h:1002:39: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. FUNCTION(rb_tensor,fprintf), -1); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/tensor_source.h:1004:39: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. 
FUNCTION(rb_tensor,printf), -1); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/tensor_source.h:1006:39: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. FUNCTION(rb_tensor,fscanf), 1); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_complex.c:464:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "#<%s[%lu]:%#lx>\n", rb_class2name(CLASS_OF(obj)), v->size, NUM2ULONG(rb_obj_id(obj))); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_double.c:534:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(command, "graph -T X %s", STR2CSTR(argv[argc-1])); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_double.c:541:10: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. fp = popen(command, "w"); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_double.c:561:10: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. fp = popen(command, "w"); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_double.c:765:8: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. fp = popen("gnuplot -persist", "w"); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_double.c:771:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf(command, "%s %s", command, STR2CSTR(argv[4])); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_double.c:775:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(command, "%s %s", command, STR2CSTR(argv[3])); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_double.c:785:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(command, "%s %s", command, STR2CSTR(argv[2])); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_double.c:795:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(command, "%s %s", command, STR2CSTR(argv[1])); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_double.c:805:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(command, "%s %s", command, STR2CSTR(argv[0])); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_double.c:906:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(filename, STR2CSTR(file)); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_double.c:907:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "wc %s", filename); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_double.c:908:8: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. fp = popen(buf, "r"); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:913:37: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. 
static VALUE FUNCTION(rb_gsl_vector,fprintf)(int argc, VALUE *argv, VALUE obj) data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:924:36: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. status = FUNCTION(gsl_vector,fprintf)(fp, h, STR2CSTR(argv[1])); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:928:34: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. status = FUNCTION(gsl_vector,fprintf)(fp, h, "%g"); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:934:37: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. static VALUE FUNCTION(rb_gsl_vector,printf)(int argc, VALUE *argv, VALUE obj) data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:943:36: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. status = FUNCTION(gsl_vector,fprintf)(stdout, h, STR2CSTR(argv[0])); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:945:34: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. status = FUNCTION(gsl_vector,fprintf)(stdout, h, "%g"); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:950:37: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. 
static VALUE FUNCTION(rb_gsl_vector,fscanf)(VALUE obj, VALUE io) data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:957:32: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. status = FUNCTION(gsl_vector,fscanf)(fp, h); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:1122:8: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. fp = popen(command, "w"); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:1179:8: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. fp = popen(command, "w"); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:1214:8: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. fp = popen("gnuplot -persist", "w"); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:1263:5: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(PRINTF_FORMAT, FUNCTION(gsl_vector,get)(v, 0)); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:1265:7: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(PRINTF_FORMAT, FUNCTION(gsl_vector,get)(v, i)); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:1269:35: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. 
for (i = 0; i < v->size; i++) printf(PRINTF_FORMAT, FUNCTION(gsl_vector,get)(v, i)); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:1313:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(format2, format); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:1315:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(format, PRINTF_FORMAT); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:1316:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(format2, " " PRINTF_FORMAT); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:1324:18: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. if (x < 0) sprintf(buf, format, x); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:1325:12: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. else sprintf(buf, format2, x); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:1335:5: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(buf, PRINTF_FORMAT, FUNCTION(gsl_vector,get)(v, 0)); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:1338:7: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(buf, PRINTF_FORMAT, FUNCTION(gsl_vector,get)(v, i)); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:1357:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf(buf, "%s\n", rb_class2name(CLASS_OF(obj))); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:1625:7: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(buf, PRINTF_FORMAT2, FUNCTION(gsl_vector,get)(vp[i], j)); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:2224:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(filename, STR2CSTR(file)); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:2225:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "sed '/^#/d' %s | wc", filename); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:2226:13: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if ((fp = popen(buf, "r")) == NULL) data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:2256:11: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. k = fscanf(fp, FORMAT_TMP, &val); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:3103:43: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. FUNCTION(rb_gsl_vector,fprintf), -1); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:3105:43: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. 
FUNCTION(rb_gsl_vector,printf), -1); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:3107:43: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. FUNCTION(rb_gsl_vector,fscanf), 1); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/nmf.c:67:3: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srand(time(NULL)); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/array.c:226:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(a, NA_PTR_TYPE(ary2,double*), size*sizeof(double)); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/array.c:242:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(v->data, NA_PTR_TYPE(ary2,double*), size*sizeof(double)); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/block_source.h:141:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[32]; data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/block_source.h:152:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(buf, "... 
"); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/block_source.h:167:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[64]; data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/common.c:25:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen(name, "w"); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/common.c:51:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen(name, "r"); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/common.c:120:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/common.c:156:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/complex.c:169:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[32], format[64]; data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/complex.c:865:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/complex.c:868:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "[ %4.3e %4.3e ]", GSL_REAL(*z), GSL_IMAG(*z)); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/complex.c:874:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/dirac.c:177:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[7]; data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/dirac.c:195:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(name, "Alpha%d", (int) i+1); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/dirac.c:203:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[7]; data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/dirac.c:210:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(name, "Gamma%d", (int) i); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/dirac.c:228:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[8]; data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/dirac.c:238:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(name, "Lambda%d", (int) i+1); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/dirac.c:340:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *name[NUM] = {"Pauli1", "Pauli2", "Pauli3", data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/eigen.c:106:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(A->data, (double*) na->ptr, sizeof(double)*A->size1*A->size2); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/eigen.c:123:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(A->data, (double*) na->ptr, sizeof(double)*A->size1*A->size2); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/eigen.c:160:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(A->data, (double*) nm->elements, sizeof(double)*A->size1*A->size2); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/eigen.c:284:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(A->data, (double*) na->ptr, sizeof(double)*A->size1*A->size2); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/eigen.c:301:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(A->data, (double*) na->ptr, sizeof(double)*A->size1*A->size2); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/eigen.c:345:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(A->data, (double*) nm->elements, sizeof(double)*A->size1*A->size2); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/eigen.c:362:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(A->data, (double*) nm->elements, sizeof(double)*A->size1*A->size2); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/eigen.c:761:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(A->data, (double*) na->ptr, sizeof(double)*A->size1*A->size2); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/eigen.c:778:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(A->data, (double*) na->ptr, sizeof(double)*A->size1*A->size2); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/eigen.c:980:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(A->data, (double*) na->ptr, sizeof(double)*A->size1*A->size2); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/eigen.c:997:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(A->data, (double*) na->ptr, sizeof(double)*A->size1*A->size2); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/eigen.c:1177:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(A->data, (double*) na->ptr, sizeof(double)*A->size1*A->size2); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/eigen.c:1194:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(A->data, (double*) na->ptr, sizeof(double)*A->size1*A->size2); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/fft.c:614:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ptr2, ptr1, sizeof(double)*n); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/fft.c:718:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ptr2, ptr1, sizeof(double)*n); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/fft.c:797:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(ptr2, ptr1, sizeof(double)*n); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/function.c:249:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char opt[256] = "", command[1024]; data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:21:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(command, "graph"); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:966:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[256]; data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:969:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(command, "graph"); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:1169:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char command[1024]; data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/graph.c:1237:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char command[1024]; data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/gsl.c:25:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/gsl.c:47:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/gsl_narray.c:29:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(NA_PTR_TYPE(nary,double*), v->data, shape[0]*sizeof(double)); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/gsl_narray.c:48:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(NA_PTR_TYPE(nary,double*), v->data, shape[0]*2*sizeof(double)); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/gsl_narray.c:167:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(NA_PTR_TYPE(nary,int*), v->data, shape[0]*sizeof(int)); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/gsl_narray.c:270:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(v->data, NA_PTR_TYPE(nary,double*), v->size*sizeof(double)); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/gsl_narray.c:297:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(v->data, NA_PTR_TYPE(nary,gsl_complex*), v->size*sizeof(gsl_complex)); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/gsl_narray.c:324:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(v->data, NA_PTR_TYPE(nary,int*), v->size*sizeof(int)); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/gsl_narray.c:354:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(NA_PTR_TYPE(nary,double*)+(i*shape[0]), m->data+(i*m->tda), data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/gsl_narray.c:381:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(NA_PTR_TYPE(nary,int*)+(i*shape[0]), m->data+(i*m->tda), data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/gsl_narray.c:516:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(m->data, NA_PTR_TYPE(ary2,double*), m->size1*m->size2*sizeof(double)); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/gsl_narray.c:548:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(m->data, NA_PTR_TYPE(ary2,int*), m->size1*m->size2*sizeof(int)); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/gsl_nmatrix.c:73:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(v->data, s->elements, v->size*sizeof(double)); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/gsl_nmatrix.c:87:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(v->data, s->elements, v->size*sizeof(int32_t)); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/gsl_nmatrix.c:101:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(v->data, s->elements, v->size*sizeof(double)*2); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/gsl_nmatrix.c:134:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(m->data, s->elements, s->shape[0]*s->shape[1]*sizeof(double)); // double is nm :float64 data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/gsl_nmatrix.c:146:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(m->data, s->elements, s->shape[0]*s->shape[1]*sizeof(int32_t)); // int32_t is nm :int32 data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/gsl_nmatrix.c:158:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(m->data, s->elements, s->shape[0]*s->shape[1]*sizeof(double)*2); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/histogram.c:109:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char filename[1024], buf[1024]; data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/histogram.c:124:8: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen(filename, "r"); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/histogram.c:932:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char command[1024]; data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/histogram.c:936:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(command, "graph -T X -g 3"); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/histogram.c:1551:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fittype[32]; data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/histogram3d_source.c:144:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(h->xrange, xrange, sizeof(double)*xsize); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/histogram3d_source.c:145:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(h->yrange, yrange, sizeof(double)*ysize); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/histogram3d_source.c:146:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(h->zrange, zrange, sizeof(double)*zsize); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/histogram3d_source.c:171:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest->xrange, src->xrange, sizeof(double)*(nx+1)); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/histogram3d_source.c:172:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest->yrange, src->yrange, sizeof(double)*(ny+1)); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/histogram3d_source.c:173:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest->zrange, src->zrange, sizeof(double)*(nz+1)); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/histogram3d_source.c:174:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest->bin, src->bin, sizeof(double)*nx*ny*nz); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/ieee.c:32:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen(RSTRING_PTR(argv[0]), "w"); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/interp.c:401:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[32]; data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/interp.c:444:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/interp2d.c:204:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[32]; data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/interp2d.c:236:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/linalg.c:58:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((double*)na2->ptr, (double*)na->ptr, sizeof(double)*na2->total); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/linalg.c:946:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(NA_PTR_TYPE(qr,double*),na->ptr,sizeof(double)*shapem[0]*shapem[1]); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/linalg.c:2388:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(NA_PTR_TYPE(u,double*), (double*)A->ptr, sizeof(double)*A->total); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/linalg.c:2410:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(NA_PTR_TYPE(u,double*), (double*)A->ptr, sizeof(double)*A->total); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/linalg.c:2704:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(NA_PTR_TYPE(chol,double*), (double*)na->ptr, sizeof(double)*na->total); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/linalg.c:3390:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(mtmp->data, (double*)na->ptr, sizeof(double)*na->total); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/linalg.c:3403:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(mtmp->data, (double*)na->ptr, sizeof(double)*na->total); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/linalg.c:3423:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(mtmp->data, (double*)nm->elements, sizeof(double)*nm->shape[0]*nm->shape[1]); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/linalg.c:3522:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(mtmp->data, (double*)nm->elements, sizeof(double)*nm->shape[0]*nm->shape[1]); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_complex.c:603:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[64]; data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_complex.c:649:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[128]; data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_source.h:276:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(m->data, NA_PTR_TYPE(ary,BASE*), n*sizeof(BASE)); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_source.h:785:27: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. FUNCTION(gsl_matrix,memcpy)(&mv.matrix, mother); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_source.h:868:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[32], format[32], format2[32]; data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_source.h:885:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(format, "%%%dd ", (int) dig); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_source.h:894:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy(buf, " "); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_source.h:905:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(buf, "... "); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_source.h:911:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(buf, "\n ... ]"); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_source.h:930:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[64]; data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_source.h:1101:23: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. FUNCTION(gsl_matrix,memcpy)(mnew, m); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_source.h:1105:37: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. static VALUE FUNCTION(rb_gsl_matrix,memcpy)(VALUE obj, VALUE mm1, VALUE mm2) data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_source.h:1111:23: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. FUNCTION(gsl_matrix,memcpy)(m1, m2); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_source.h:1332:23: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). 
Make sure destination can always hold the source data. FUNCTION(gsl_matrix,memcpy)(mnew, m); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_source.h:1334:25: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. FUNCTION(gsl_matrix,memcpy)(mtmp, mnew); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_source.h:1632:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(t->tensor->data, m->data, sizeof(BASE)*t->tensor->size); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_source.h:2029:23: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. FUNCTION(gsl_matrix,memcpy)(m, mnew); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_source.h:2049:23: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. FUNCTION(gsl_matrix,memcpy)(m, mnew); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_source.h:2064:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_source.h:2140:25: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. FUNCTION(gsl_matrix,memcpy)(mnew, m); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_source.h:2471:53: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
FUNCTION(rb_gsl_matrix,memcpy), 2); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/min.c:27:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[32]; data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/monte.c:435:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[32]; data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/multifit.c:208:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[64]; data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/multifit.c:1690:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fittype[256]; data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/multimin.c:446:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[64]; data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/multimin.c:590:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[64]; data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/multimin_fsdf.c:16:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[64]; data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/multiroots.c:430:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[32]; data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/multiroots.c:459:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[32]; data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/multiset.c:106:8: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen(STR2CSTR(name), "wb"); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/multiset.c:121:8: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
fp = fopen(STR2CSTR(name), "wb"); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/multiset.c:136:8: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen(STR2CSTR(name), "w"); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/multiset.c:151:8: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen(STR2CSTR(name), "r"); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/odeiv.c:326:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[64]; data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/odeiv.c:443:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/ool.c:30:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[64]; data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/permutation.c:320:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[16]; data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/permutation.c:326:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, " %d", (int) gsl_permutation_get(v, i)); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/permutation.c:329:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, " ]"); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/permutation.c:337:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[64]; data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/poly2.c:30:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p0->data, coef1, 2*sizeof(int)); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/poly2.c:33:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p0->data, coef2, 3*sizeof(int)); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/poly2.c:38:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p1->data, coef2, 3*sizeof(int)); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/poly2.c:39:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(p2->data, coef1, 2*sizeof(int)); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/poly2.c:70:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p0->data, coef1, 2*sizeof(int)); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/poly2.c:73:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p0->data, coef2, 3*sizeof(int)); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/poly2.c:78:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p1->data, coef2, 3*sizeof(int)); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/poly2.c:79:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p2->data, coef1, 2*sizeof(int)); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/poly2.c:109:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p0->data, coef1, 2*sizeof(int)); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/poly2.c:112:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p0->data, coef2, 3*sizeof(int)); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/poly2.c:117:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p1->data, coef2, 3*sizeof(int)); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/poly2.c:118:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(p2->data, coef1, 2*sizeof(int)); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/poly2.c:186:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p0->data, coef1, 2*sizeof(int)); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/poly2.c:189:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p0->data, coef2, 3*sizeof(int)); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/poly2.c:193:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p1->data, coef2, 3*sizeof(int)); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/poly_source.h:1294:25: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. FUNCTION(gsl_vector,memcpy)(vnew, v); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/poly_source.h:1440:25: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. FUNCTION(gsl_vector,memcpy)(vnew, v); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/poly_source.h:1529:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/qrng.c:34:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char name[32]; data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/root.c:34:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[32]; data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/root.c:199:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[32]; data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/sf.c:36:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[64]; data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/sf.c:67:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[32]; data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/sf.c:69:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(str, "%10.9e %10.9e", rslt->val, rslt->err); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/sf.c:110:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char str[32]; data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/sf.c:112:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(str, "%10.9e %10.9e\n", rslt->val, rslt->err); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/signal.c:184:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(vtmp1->data, data1, sizeof(double)*size1); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/signal.c:185:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(vtmp2->data, data2, sizeof(double)*size2); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/sort.c:156:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ptr2, ptr1, sizeof(double)*size); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/spline.c:345:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/spline2d.c:181:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/stats.c:397:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(data2, data, sizeof(double)*size*stride); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/tensor_source.h:138:34: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. return INT2FIX(FUNCTION(tensor,memcpy)(dst->tensor, src->tensor)); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/tensor_source.h:710:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(v->data, t->tensor->data, sizeof(BASE)*v->size); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/tensor_source.h:769:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[16]; data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/tensor_source.h:785:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(buf, " "); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/tensor_source.h:792:11: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(buf, "... "); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/tensor_source.h:798:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(buf, "\n ... 
]"); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/tensor_source.h:825:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(buf, "... "); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/tensor_source.h:842:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[64]; data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/tensor_source.h:939:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_complex.c:417:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[64]; data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_complex.c:431:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "[%4.3e %4.3e]", GSL_REAL(*z), GSL_IMAG(*z)); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_complex.c:441:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(buf, "[%4.3e %4.3e]", GSL_REAL(*z), GSL_IMAG(*z)); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_complex.c:445:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, " [%4.3e %4.3e]", GSL_REAL(*z), GSL_IMAG(*z)); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_complex.c:460:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[128]; data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_double.c:528:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char command[1024]; data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_double.c:537:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(command, "graph -T X -C -g 3"); data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_double.c:764:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char command[1024]; data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_double.c:767:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(command, "plot '-'");
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_double.c:899:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024], filename[1024], *p;
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_double.c:915:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen(filename, "r");
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:226:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(v->data, NA_PTR_TYPE(ary2,BASE*), n*sizeof(BASE));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:407:25:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  FUNCTION(gsl_vector,memcpy)(&vv.vector, vother);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:560:23:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  FUNCTION(gsl_vector,memcpy)(vnew, v);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:761:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ptr, v->data, sizeof(BASE)*v->size);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:766:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ptr, v->data, sizeof(BASE)*v->size);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:777:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(pnew->data+1, p->data, sizeof(BASE)*p->size);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:784:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(pnew->data+1, p->data, sizeof(BASE)*p->size);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:794:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(pnew->data, p->data + 1, sizeof(BASE)*(p->size-1));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:848:37:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  static VALUE FUNCTION(rb_gsl_vector,memcpy)(VALUE obj, VALUE dest, VALUE src)
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:853:23:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  FUNCTION(gsl_vector,memcpy)(vdest, vsrc);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:863:23:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  FUNCTION(gsl_vector,memcpy)(vnew, v);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:1088:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char command[1024];
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:1092:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(command, "graph -T X -g 3");
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:1098:7:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(command, "graph -T X -g 3");
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:1145:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char command[1024];
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:1149:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(command, "graph -T X -g 3");
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:1155:7:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(command, "graph -T X -g 3");
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:1291:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[32], format[32], format2[32];
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:1312:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(format, "%%%dd ", (int) dig);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:1320:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(buf, " ");
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:1329:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(buf, " ...");
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:1341:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(buf, "... ");
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:1356:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[64];
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:1503:23:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  if (v->stride == 1) memcpy(vnew->data, v->data, sizeof(BASE)*v->size);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:1504:28:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  else FUNCTION(gsl_vector,memcpy)(vnew, v);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:1578:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(t->tensor->data, v->data, sizeof(BASE)*v->size);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:1590:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024] = "";
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:1804:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(m->data, v->data, sizeof(BASE)*v->size);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:1830:23:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  FUNCTION(gsl_vector,memcpy)(vnew, v);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:1990:25:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  FUNCTION(gsl_vector,memcpy)(&vv.vector, v);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:1998:25:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  FUNCTION(gsl_vector,memcpy)(&vv.vector, v);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:2010:27:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  FUNCTION(gsl_vector,memcpy)(&vv.vector, v);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:2020:27:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  FUNCTION(gsl_vector,memcpy)(&vv.vector, v);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:2022:27:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  FUNCTION(gsl_vector,memcpy)(&vv.vector, v2);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:2217:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024], filename[1024];
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:2233:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fp = fopen(filename, "r")) == NULL)
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:2897:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *p, buf[16];
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:2915:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "%4.3e", FUNCTION(gsl_vector,get)(v, i));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:2917:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "%d", FUNCTION(gsl_vector,get)(v, i));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:3088:53:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  FUNCTION(rb_gsl_vector,memcpy), 2);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/wavelet.c:314:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ptr2, ptr1, sizeof(double)*n);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/wavelet.c:472:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(ptr2, ptr1, sizeof(double)*n);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/block_source.h:150:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  rb_str_cat(str, buf, strlen(buf));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/block_source.h:153:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  rb_str_cat(str, buf, strlen(buf));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/block_source.h:157:3:  [1] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source is a constant character.
  sprintf(buf, "]");
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/block_source.h:158:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  rb_str_cat(str, buf, strlen(buf));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/common.c:78:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len0 = strlen(s0);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/common.c:79:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len1 = strlen(s1);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/common.c:89:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len0 = strlen(s0);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/common.c:90:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len1 = strlen(s1);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_complex.c:629:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  rb_str_cat(str, buf, strlen(buf));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_source.h:895:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  rb_str_cat(str, buf, strlen(buf));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_source.h:903:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  rb_str_cat(str, buf, strlen(buf));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_source.h:906:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  rb_str_cat(str, buf, strlen(buf));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_source.h:912:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  rb_str_cat(str, buf, strlen(buf));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_source.h:916:7:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(buf, "]");
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_source.h:917:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  rb_str_cat(str, buf, strlen(buf));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_source.h:919:7:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(buf, "\n");
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_source.h:920:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  rb_str_cat(str, buf, strlen(buf));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_source.h:1523:34:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  static int FUNCTION(mygsl_matrix,equal)(GSL_TYPE(gsl_matrix) *a, GSL_TYPE(gsl_matrix) *b, double eps)
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_source.h:1549:37:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  static VALUE FUNCTION(rb_gsl_matrix,equal)(int argc, VALUE *argv, VALUE obj)
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_source.h:1568:35:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  return FUNCTION(rb_gsl_tensor,equal)(argc, argv, obj);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_source.h:1574:29:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  if (FUNCTION(mygsl_matrix,equal)(a, b, eps) == 1) return Qtrue;
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/matrix_source.h:2583:43:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  FUNCTION(rb_gsl_matrix,equal), -1);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/permutation.c:327:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  rb_str_cat(str, buf, strlen(buf));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/permutation.c:330:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  rb_str_cat(str, buf, strlen(buf));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/tensor_source.h:786:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  rb_str_cat(str, buf, strlen(buf));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/tensor_source.h:790:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  rb_str_cat(str, buf, strlen(buf));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/tensor_source.h:793:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  rb_str_cat(str, buf, strlen(buf));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/tensor_source.h:799:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  rb_str_cat(str, buf, strlen(buf));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/tensor_source.h:803:9:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(buf, "]");
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/tensor_source.h:804:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  rb_str_cat(str, buf, strlen(buf));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/tensor_source.h:806:9:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  Risk is low because the source is a constant character.
  strcpy(buf, "\n");
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/tensor_source.h:807:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  rb_str_cat(str, buf, strlen(buf));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/tensor_source.h:820:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  rb_str_cat(str, buf, strlen(buf));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/tensor_source.h:823:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  rb_str_cat(str, buf, strlen(buf));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/tensor_source.h:826:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  rb_str_cat(str, buf, strlen(buf));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/tensor_source.h:830:5:  [1] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source is a constant character.
  sprintf(buf, "]");
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/tensor_source.h:831:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  rb_str_cat(str, buf, strlen(buf));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/tensor_source.h:848:26:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14.
  Consider using a form of this function that checks the second iterator before potentially overflowing it.
  VALUE FUNCTION(rb_tensor,equal)(int argc, VALUE *argv, VALUE obj)
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/tensor_source.h:1105:39:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  FUNCTION(rb_tensor,equal), -1);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_complex.c:432:27:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  if (i != v->size-1) strcat(buf, "\n");
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_complex.c:433:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  rb_str_cat(str, buf, strlen(buf));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_complex.c:442:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  rb_str_cat(str, buf, strlen(buf));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_complex.c:446:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  rb_str_cat(str, buf, strlen(buf));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:998:27:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126).
  This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  int FUNCTION(rbgsl_vector,equal)(const GSL_TYPE(gsl_vector) *v1, const GSL_TYPE(gsl_vector) *v2, double eps)
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:1022:37:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  static VALUE FUNCTION(rb_gsl_vector,equal)(int argc, VALUE *argv, VALUE obj)
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:1043:35:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  return FUNCTION(rb_gsl_tensor,equal)(argc, argv, obj);
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:1059:31:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  if (FUNCTION(rbgsl_vector,equal)(v1, v2, eps)) return Qtrue;
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:1321:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  rb_str_cat(str, buf, strlen(buf));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:1326:27:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  if (i != v->size-1) strcat(buf, "\n");
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:1327:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  rb_str_cat(str, buf, strlen(buf));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:1330:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  rb_str_cat(str, buf, strlen(buf));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:1336:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  rb_str_cat(str, buf, strlen(buf));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:1339:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  rb_str_cat(str, buf, strlen(buf));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:1342:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  rb_str_cat(str, buf, strlen(buf));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:1347:3:  [1] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source is a constant character.
  sprintf(buf, "]");
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:1348:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  rb_str_cat(str, buf, strlen(buf));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:1626:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  rb_str_buf_cat(str, buf, strlen(buf));
data/ruby-gsl-2.1.0.3+dfsg1/ext/gsl_native/vector_source.h:3119:43:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  FUNCTION(rb_gsl_vector,equal), -1);

ANALYSIS SUMMARY:

Hits = 554
Lines analyzed = 70876 in approximately 1.71 seconds (41510 lines/second)
Physical Source Lines of Code (SLOC) = 62039
Hits@level = [0]  96 [1]  58 [2] 221 [3]   1 [4] 274 [5]   0
Hits@level+ = [0+] 650 [1+] 554 [2+] 496 [3+] 275 [4+] 274 [5+]   0
Hits/KSLOC@level+ = [0+] 10.4773 [1+] 8.92987 [2+] 7.99497 [3+] 4.4327 [4+] 4.41658 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.
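The closing caution ("Not every hit is necessarily a security vulnerability") is the practical point of this report: the [2] sprintf and memcpy hits above are rated low by Flawfinder on the basis of a bound that the tool cannot verify itself, so the reviewer has to. The C program below is an added example, not code from ruby-gsl or from Flawfinder. It shows the check a reviewer does by hand for two of the hit patterns: the worst-case length of a "%4.3e" conversion behind `sprintf(buf, "[%4.3e %4.3e]", ...)` (vector_complex.c:431, assuming, as the line numbers suggest, that it writes into the `char buf[64]` declared at :417) and `sprintf(buf, "%4.3e", ...)` (vector_source.h:2915, into the `char buf[16]` at :2897), and the size arithmetic behind `memcpy(..., n*sizeof(BASE))` hits such as vector_source.h:226. The function names (`e43_len`, `format_complex_entry`, `checked_copy_size`, `copy_doubles`), the bounded snprintf rewrite and the sample values are the example's own and are not what the project ships.

```c
#include <float.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Longest rendering of a double under "%4.3e": sign, one digit, '.', three
 * digits, 'e', exponent sign, three exponent digits, e.g. "-1.798e+308".
 * The field width 4 is only a minimum and never lengthens the output;
 * "nan", "-nan" and "-inf" are shorter. This is the bound Flawfinder's
 * "constant maximum length" remark relies on. */
#define E43_MAX_LEN 11

/* Number of characters "%4.3e" would emit for x (NUL not counted). */
int e43_len(double x)
{
    return snprintf(NULL, 0, "%4.3e", x);
}

/* Bounded form of the "[%4.3e %4.3e]" formatting flagged in vector_complex.c
 * (hypothetical rewrite, not the project's code). Returns the number of
 * characters written (NUL excluded), or -1 if the output did not fit; on -1
 * the caller must not use buf. */
int format_complex_entry(char *buf, size_t buflen, double re, double im)
{
    int n = snprintf(buf, buflen, "[%4.3e %4.3e]", re, im);
    if (n < 0 || (size_t)n >= buflen) {
        return -1;
    }
    return n;
}

/* The arithmetic behind memcpy(dst, src, n*sizeof(BASE)) hits such as
 * vector_source.h:226: n*elem_size must not wrap size_t, and the destination
 * (dst_elems elements) must hold n elements. Returns false on either failure. */
bool checked_copy_size(size_t n, size_t elem_size, size_t dst_elems,
                       size_t *out_bytes)
{
    if (elem_size == 0 || n > SIZE_MAX / elem_size) {
        return false;
    }
    if (n > dst_elems) {
        return false;
    }
    *out_bytes = n * elem_size;
    return true;
}

/* memcpy of n doubles that refuses an oversized or wrapping request
 * instead of trusting the caller's n. */
bool copy_doubles(double *dst, size_t dst_elems, const double *src, size_t n)
{
    size_t bytes;
    if (!checked_copy_size(n, sizeof(double), dst_elems, &bytes)) {
        return false;
    }
    memcpy(dst, src, bytes);
    return true;
}

int main(void)
{
    char big[64], small[16], one[E43_MAX_LEN + 1];
    double dst[4];
    const double src[5] = {1.0, 2.0, 3.0, 4.0, 5.0}; /* constructed sample */

    /* -DBL_MAX is the longest finite value "%4.3e" produces: 11 characters,
     * so it fits a 12-byte buffer, and two of them in "[.. ..]" need 25 + NUL,
     * which fits char buf[64] but not char buf[16]. */
    snprintf(one, sizeof one, "%4.3e", -DBL_MAX);
    printf("%s: %d chars\n", one, e43_len(-DBL_MAX));
    printf("64-byte buf: %d chars -> %s\n",
           format_complex_entry(big, sizeof big, -DBL_MAX, -DBL_MAX), big);
    printf("16-byte buf: %d (truncation refused)\n",
           format_complex_entry(small, sizeof small, -DBL_MAX, -DBL_MAX));

    printf("copy 4 into 4: %d, copy 5 into 4: %d\n",
           copy_doubles(dst, 4, src, 4), copy_doubles(dst, 4, src, 5));
    return 0;
}
```

The same reasoning does not carry over to the `sprintf(buf, "%d", ...)` hit at vector_source.h:2917 without checking the element type: a 32-bit int prints in at most 11 characters, which also fits a 16-byte buffer, but the bound has to be re-derived for each conversion rather than assumed from the neighbouring "%4.3e" case.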